Windows Analysis Report
SourceTreeSetup-3.4.19.exe

Overview

General Information

Sample name: SourceTreeSetup-3.4.19.exe
Analysis ID: 1523483
MD5: 4bd79bab4339cac6714cd1ff595ccff4
SHA1: eaeea52764e69b54672fd6dd358139f26310e5fd
SHA256: 8d6d66e4c5079bbd512269029a2d992f20a6696c5782dcb02397a823905f4505

Detection

Score: 36
Range: 0 - 100
Whitelisted: false
Confidence: 20%

Compliance

Score: 36
Range: 0 - 100

Signatures

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Yara detected Generic Downloader
Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality for execution timing, often used to detect debuggers
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
EXE planting / hijacking vulnerabilities found
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
HTTP GET or POST without a user agent
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains executable resources (Code or Archives)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Stores files to the Windows start menu directory
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • SourceTreeSetup-3.4.19.exe (PID: 4852 cmdline: "C:\Users\user\Desktop\SourceTreeSetup-3.4.19.exe" MD5: 4BD79BAB4339CAC6714CD1FF595CCFF4)
  • SourceTreeSetup-3.4.19.exe (PID: 2964 cmdline: "C:\Users\user\Desktop\SourceTreeSetup-3.4.19.exe" --rerunningWithoutUAC MD5: 4BD79BAB4339CAC6714CD1FF595CCFF4)
    • Update.exe (PID: 6620 cmdline: "C:\Users\user\AppData\Local\SquirrelTemp\Update.exe" --install . --rerunningWithoutUAC MD5: BE71BD64082B4BA88D1B59C2D432C340)
      • SourceTree.exe (PID: 2804 cmdline: "C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe" --squirrel-install 3.4.19 MD5: 4672BD9DA0C27C16BB9DC4C94672DCB4)
      • SourceTree.exe (PID: 5448 cmdline: "C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe" --squirrel-firstrun MD5: 4672BD9DA0C27C16BB9DC4C94672DCB4)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
Update.exe | JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security |

Source | Rule | Description | Author | Strings
C:\Users\user\AppData\Local\SourceTree\app-3.4.19\RestSharp.dll | JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security |
C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Nuget.Core.dll | JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security |
C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security |
C:\Users\user\AppData\Local\SourceTree\Update.exe | JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security |

Source | Rule | Description | Author | Strings
4.2.SourceTree.exe.1d7f5cb0000.86.unpack | JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security |
3.0.Update.exe.f80000.0.unpack | JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security |

No Sigma rule has matched
No Suricata rule has matched

Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe EXE: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\tools\getopt.exe
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe EXE: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\tools\patch.exe
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe EXE: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\tools\putty\puttygen.exe
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe EXE: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\tools\stree_gri.exe
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe EXE: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\tools\putty\pageant.exe
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe EXE: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe EXE: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\tools\putty\plink.exe
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe EXE: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\tools\7z.exe
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe EXE: C:\Users\user\AppData\Local\SourceTree\Update.exe
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe EXE: C:\Users\user\AppData\Local\SourceTree\SourceTree.exe
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe EXE: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\tools\Askpass.exe
Source: C:\Users\user\Desktop\SourceTreeSetup-3.4.19.exe EXE: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION SourceTree.exe

Compliance

Source: SourceTreeSetup-3.4.19.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SourceTree
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SquirrelTemp\SquirrelSetup.log
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\extras\licenses\EULA.pdf
Source: SourceTreeSetup-3.4.19.exe Static PE information: certificate valid
Source: unknown HTTPS traffic detected: 3.161.73.137:443 -> 192.168.2.5:49713 version: TLS 1.2
Source: unknown HTTPS traffic detected: 3.161.73.137:443 -> 192.168.2.5:49721 version: TLS 1.2
Source: SourceTreeSetup-3.4.19.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                Source: Binary string: C:\Users\Administrator\actions-runner2\_work\sourcetreewin\sourcetreewin\Atlassian.Libraries\Atlassian.GutenbergTextView\GutenbergTextView\obj\Release\Atlassian.GutenbergTextView.pdb, source: SourceTree.exe, 00000004.00000002.2440161177.000001D7F4A92000.00000002.00000001.01000000.0000002E.sdmp
                Source: Binary string: /_/src/Options/Options/src/obj/Release/netstandard2.0/Microsoft.Extensions.Options.pdb source: SourceTree.exe, 00000004.00000002.2423455096.000001D7DB5A2000.00000002.00000001.01000000.00000015.sdmp
                Source: Binary string: C:\Users\Administrator\code\763db6d4-2acb-5c63-9de6-7ada1022506a\1713172038208\build\Bitbucket.Libraries\Bitbucket.Net\BitbucKit.Net.Refit\obj\Release\netstandard2.0\BitbucKit.Net.Refit.pdbSHA256 source: BitbucKit.Net.Refit.dll.3.dr
                Source: Binary string: /lib/net45/Mono.Cecil.Pdb.dll`,]q source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: lib/net45/Mono.Cecil.Pdb.dll source: Update.exe, 00000003.00000002.2337346163.0000000003617000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000003.00000002.2337346163.00000000034ED000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423499610.000001D7DBE92000.00000004.00000800.00020000.00000000.sdmp, SourceTreeSetup-3.4.19.exe, SourceTree-3.4.19-full.nupkg
                Source: Binary string: DynamicData.pdb source: SourceTree.exe, 00000004.00000002.2452408234.000001D7F5832000.00000002.00000001.01000000.00000063.sdmp
                Source: Binary string: D:\V2.0\A1\_work\44\obj\Release.AnyCPU\Tfs.ExtendedClient\MS.TF.VersionControl.Common\Microsoft.TeamFoundation.VersionControl.Common.pdb source: Update.exe, 00000003.00000002.2337346163.000000000341D000.00000004.00000800.00020000.00000000.sdmp, Microsoft.TeamFoundation.VersionControl.Common.dll.3.dr
                Source: Binary string: Refit.pdb source: Update.exe, 00000003.00000002.2337346163.000000000343A000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000003.00000002.2337346163.0000000003457000.00000004.00000800.00020000.00000000.sdmp, Refit.dll.3.dr
                Source: Binary string: C:\Users\Administrator\code\bf33d5c8-6ccf-5a5d-af63-a4b075d6bb29\1719334951294\build\SourceTree.UI.Window.Welcome.Wpf\obj\Debug\SourceTree.UI.Window.Welcome.Wpf.pdb source: SourceTree.exe, 00000004.00000002.2433648563.000001D7F42C2000.00000002.00000001.01000000.0000001A.sdmp
                Source: Binary string: C:\Users\Administrator\code\bf33d5c8-6ccf-5a5d-af63-a4b075d6bb29\1719334951294\build\Sourcetree.Localisation\obj\Debug\netstandard2.0\SourceTree.Localisation.pdb source: SourceTree.exe, 00000004.00000002.2439314630.000001D7F49A2000.00000002.00000001.01000000.0000002A.sdmp, SourceTree.Localisation.dll.3.dr
                Source: Binary string: E:\A\_work\39\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.Composition.AttributedModel\netstandard\System.Composition.AttributedModel.pdb source: SourceTree.exe, 00000004.00000002.2448554556.000001D7F5372000.00000002.00000001.01000000.00000058.sdmp
                Source: Binary string: C:\Users\Administrator\code\bf33d5c8-6ccf-5a5d-af63-a4b075d6bb29\1719334951294\build\SourceTree.Api.Account.Basic\obj\Debug\SourceTree.Api.Account.Basic.pdb source: SourceTree.exe, 00000004.00000002.2441038308.000001D7F4B52000.00000002.00000001.01000000.00000035.sdmp
                Source: Binary string: C:\Users\Administrator\code\bf33d5c8-6ccf-5a5d-af63-a4b075d6bb29\1719334951294\build\SourceTree.Api.Benchmark\obj\Debug\SourceTree.Api.Benchmark.pdb0gJg <g_CorDllMainmscoree.dll source: SourceTree.exe, 00000004.00000002.2441369987.000001D7F4B92000.00000002.00000001.01000000.00000039.sdmp
                Source: Binary string: C:\Users\Administrator\code\bf33d5c8-6ccf-5a5d-af63-a4b075d6bb29\1719334951294\build\Sourcetree.Composition.VSMef.Net471\obj\Debug\Sourcetree.Composition.VSMef.Net48.pdb source: SourceTree.exe, 00000004.00000002.2433781146.000001D7F42E2000.00000002.00000001.01000000.0000001B.sdmp
                Source: Binary string: D:\V2.0\A1\_work\44\obj\Release.AnyCPU\Vssf.Client\MS.VS.Services.WebApi\Microsoft.VisualStudio.Services.WebApi.pdb source: SourceTree.exe, 00000004.00000002.2453128556.000001D7F5912000.00000002.00000001.01000000.00000064.sdmp
                Source: Binary string: E:\A\_work\21\s\obj\Release\Microsoft.VisualStudio.Validation.Desktop\Microsoft.VisualStudio.Validation.pdb source: SourceTree.exe, 00000004.00000002.2439175850.000001D7F4982000.00000002.00000001.01000000.00000028.sdmp, Microsoft.VisualStudio.Validation.dll.3.dr
                Source: Binary string: C:\Users\Administrator\code\bf33d5c8-6ccf-5a5d-af63-a4b075d6bb29\1719334951294\build\Sourcetree.Dvcs.Git.UI.Wpf\obj\Debug\Sourcetree.Dvcs.Git.UI.Wpf.pdb source: SourceTree.exe, 00000004.00000002.2441660495.000001D7F4BD2000.00000002.00000001.01000000.0000003D.sdmp
                Source: Binary string: C:\Users\Administrator\code\bf33d5c8-6ccf-5a5d-af63-a4b075d6bb29\1719334951294\build\Analytics\Atlassian.AnalyticsService.Client\obj\Debug\netstandard2.0\Atlassian.AnalyticsService.Client.pdb source: SourceTree.exe, 00000004.00000002.2440066015.000001D7F4A82000.00000002.00000001.01000000.0000002D.sdmp
                Source: Binary string: C:\Programming\Github\ColorCode-Universal\ColorCode.Core\obj\Release\netstandard1.4\ColorCode.Core.pdbSHA256C source: SourceTree.exe, 00000004.00000002.2448953354.000001D7F53E2000.00000002.00000001.01000000.0000005A.sdmp
                Source: Binary string: /_/src/Primitives/src/obj/Release/netstandard2.0/Microsoft.Extensions.Primitives.pdbSHA256T source: SourceTree.exe, 00000004.00000002.2438899966.000001D7F4942000.00000002.00000001.01000000.00000024.sdmp
                Source: Binary string: F:\agent1\_work\20\s\src\System.IdentityModel.Tokens.Jwt\obj\release\net451\System.IdentityModel.Tokens.Jwt.pdb source: Update.exe, 00000003.00000002.2337346163.0000000003850000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000003.00000002.2337346163.000000000385D000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: D:\V2.0\A1\_work\44\obj\Release.AnyCPU\Tfs.Client\MS.TF.Core.WebApi\Microsoft.TeamFoundation.Core.WebApi.pdb source: SourceTree.exe, 00000004.00000002.2449340169.000001D7F5432000.00000002.00000001.01000000.0000005C.sdmp, Microsoft.TeamFoundation.Core.WebApi.dll.3.dr
                Source: Binary string: C:\Users\Administrator\code\bf33d5c8-6ccf-5a5d-af63-a4b075d6bb29\1719334951294\build\Sourcetree.Host.GitLab\obj\Debug\netstandard2.0\Sourcetree.Host.GitLab.pdbSHA256( source: SourceTree.exe, 00000004.00000002.2442391292.000001D7F4C82000.00000002.00000001.01000000.00000043.sdmp
                Source: Binary string: D:\Documents\GitHub\NotificationsExtensions\Windows 10\NotificationsExtensions.Win10.NETCore\obj\Release\NotificationsExtensions.Win10.pdbTO source: SourceTree.exe, 00000007.00000002.3952572560.000001D3EEB62000.00000002.00000001.01000000.00000069.sdmp, NotificationsExtensions.Win10.dll.3.dr
                Source: Binary string: C:\Users\Administrator\code\bf33d5c8-6ccf-5a5d-af63-a4b075d6bb29\1719334951294\build\Analytics\Atlassian.AnalyticsService.Client\obj\Debug\netstandard2.0\Atlassian.AnalyticsService.Client.pdbSHA256 source: SourceTree.exe, 00000004.00000002.2440066015.000001D7F4A82000.00000002.00000001.01000000.0000002D.sdmp
                Source: Binary string: C:\Users\Administrator\code\bf33d5c8-6ccf-5a5d-af63-a4b075d6bb29\1719334951294\build\SourceTree.Api.Host\obj\Debug\SourceTree.Api.Host.pdb source: SourceTree.exe, 00000004.00000002.2439097863.000001D7F4972000.00000002.00000001.01000000.00000027.sdmp
                Source: Binary string: C:\Users\Administrator\code\bf33d5c8-6ccf-5a5d-af63-a4b075d6bb29\1719334951294\build\Sourcetree.Host.Msft.TeamServices\obj\Debug\netstandard2.0\Sourcetree.Host.Msft.TeamServices.pdb source: SourceTree.exe, 00000004.00000002.2442486228.000001D7F4C92000.00000002.00000001.01000000.00000044.sdmp, Sourcetree.Host.Msft.TeamServices.dll.3.dr
                Source: Binary string: DynamicData.pdbSHA256 source: SourceTree.exe, 00000004.00000002.2452408234.000001D7F5832000.00000002.00000001.01000000.00000063.sdmp
                Source: Binary string: C:\Users\Administrator\code\bf33d5c8-6ccf-5a5d-af63-a4b075d6bb29\1719334951294\build\Sourcetree.Dvcs.Git.UI.Wpf\obj\Debug\Sourcetree.Dvcs.Git.UI.Wpf.pdb,VFV 8V_CorDllMainmscoree.dll source: SourceTree.exe, 00000004.00000002.2441660495.000001D7F4BD2000.00000002.00000001.01000000.0000003D.sdmp
                Source: Binary string: c:\personal_source\RestSharp\RestSharp.Net452\obj\Release\RestSharp.pdb source: SourceTree.exe, 00000004.00000002.2449131450.000001D7F5402000.00000002.00000001.01000000.0000005B.sdmp
                Source: Binary string: C:\Users\Administrator\code\bf33d5c8-6ccf-5a5d-af63-a4b075d6bb29\1719334951294\build\SourceTree.Host.GitHub\obj\Debug\SourceTree.Host.GitHub.pdb source: SourceTree.exe, 00000004.00000002.2446703111.000001D7F5112000.00000002.00000001.01000000.00000049.sdmp
                Source: Binary string: bin;bld;ClientBin;Debug;obj;AppPackages;Release;TestResults;FakesAssemblies;*.*~;*.appx;*.appxrecipe;*.build.csdef;*.cache;*.cer;*.class;*.dbmdl;*.dll;*.docstates;*.docstates.suo;*.DS_Store;*.err;*.exe;*.ilk;*.ipch;*.lastbuildstate;*.lce;*.ldf;*.lib;*.log;*.mdf;*.msscci;*.ncb;*.obj;*.opensdf;*.pch;*.pdb;*.pri;*.res;*.resources;*.sdf;*.suo;*.svn;*.swp;*.temp;*.tfOrig*;*.tlog;*.tmp;*.trx;*.user;*.unsuccessfulbuild;*.v11.suo;*.vcxproj.user;*.vsix;*.vsmdi;*.vspscc;*.vssettings;*.vssscc;*.wrn;*.xap;.metadata source: Update.exe, 00000003.00000002.2337346163.000000000341D000.00000004.00000800.00020000.00000000.sdmp, Microsoft.TeamFoundation.VersionControl.Common.dll.3.dr
                Source: Binary string: C:\Users\Administrator\code\bf33d5c8-6ccf-5a5d-af63-a4b075d6bb29\1719334951294\build\SourceTree.UI.Window.Welcome.Wpf\obj\Debug\SourceTree.UI.Window.Welcome.Wpf.pdbd source: SourceTree.exe, 00000004.00000002.2433648563.000001D7F42C2000.00000002.00000001.01000000.0000001A.sdmp
                Source: Binary string: E:\A\_work\339\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.Threading.Tasks.Extensions\netstandard\System.Threading.Tasks.Extensions.pdb source: Update.exe, 00000003.00000002.2337346163.0000000003942000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000003.00000002.2337346163.0000000003969000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: c:\projects\bitbucket.org\atlassianlabs\askpass\Askpass.UI.Wpf\obj\Release\Askpass.UI.Wpf.pdb source: Askpass.UI.Wpf.dll.3.dr
                Source: Binary string: d:\projects\bitbucket.org\atlassian\sourcetree\sourcetreeshared\SourceTreeShared\obj\Release\SourceTreeShared.pdb source: SourceTreeShared.dll.3.dr
                Source: Binary string: ReactiveUI.pdbSHA256 source: SourceTree.exe, 00000004.00000002.2448615694.000001D7F5392000.00000002.00000001.01000000.00000059.sdmp
                Source: Binary string: C:\Users\mpagani\Source\AppConsult\Windows-AppConsult-Tools-DesktopBridgeHelpers\DesktopBridge.Helpers\obj\Debug\net45\DesktopBridge.Helpers.pdbSHA256 source: SourceTree.exe, 00000004.00000002.2439240279.000001D7F4992000.00000002.00000001.01000000.00000029.sdmp
                Source: Binary string: C:\dev\github\roaminglost\chimera.extensions.logging.log4net\src\chimera.extensions.logging.log4net\bin\Release\net451\chimera.extensions.logging.log4net.pdb source: SourceTree.exe, 00000004.00000002.2433835454.000001D7F42F2000.00000002.00000001.01000000.0000001C.sdmp
                Source: Binary string: C:\Users\Administrator\code\bf33d5c8-6ccf-5a5d-af63-a4b075d6bb29\1719334951294\build\SourceTree.UI.Diff\obj\Debug\SourceTree.UI.Diff.pdb source: SourceTree.exe, 00000004.00000002.2447062008.000001D7F5172000.00000002.00000001.01000000.0000004E.sdmp
                Source: Binary string: C:\projects\sharpcompress\src\SharpCompress\obj\Release\net45\SharpCompress.pdb source: SharpCompress.dll.3.dr
                Source: Binary string: JC:\projects\Squirrel.Windows\build\obj\Squirrel\Release\net45\Squirrel.pdb source: SourceTree.exe, 00000007.00000002.3909136966.000001D3CFAAF000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: c:\Users\Matthew.Davey\Dropbox\Checkouts\WeeGems\WeeGems.Require\obj\Release\WeeGems.Require.pdb source: Update.exe, 00000003.00000002.2337346163.00000000034A8000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000003.00000002.2337346163.00000000034C7000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2433207494.000001D7F3E02000.00000002.00000001.01000000.00000017.sdmp
                Source: Binary string: C:\Users\Administrator\code\bf33d5c8-6ccf-5a5d-af63-a4b075d6bb29\1719334951294\build\Analytics\SourceTree.Api.Analytics\obj\Debug\SourceTree.Api.Analytics.pdbS*m* _*_CorDllMainmscoree.dll source: SourceTree.exe, 00000004.00000002.2441296524.000001D7F4B82000.00000002.00000001.01000000.00000038.sdmp
                Source: Binary string: lib/net45/Mono.Cecil.Pdb.dlllH|m source: Update.exe, 00000003.00000002.2337346163.0000000003617000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: E:\A\_work\104\s\obj\Microsoft.VisualStudio.Composition\Release\net45\Microsoft.VisualStudio.Composition.pdb source: SourceTree.exe, 00000004.00000002.2440529503.000001D7F4AE2000.00000002.00000001.01000000.00000033.sdmp
                Source: Binary string: C:\Users\Administrator\code\bf33d5c8-6ccf-5a5d-af63-a4b075d6bb29\1719334951294\build\SourceTree.Ui.FileList.SingleColumn.Wpf\obj\Debug\SourceTree.Ui.FileList.SingleColumn.Wpf.pdb source: SourceTree.exe, 00000004.00000002.2446991097.000001D7F5162000.00000002.00000001.01000000.0000004D.sdmp
                Source: Binary string: c:\Users\Matthew.Davey\Dropbox\Checkouts\WeeGems\WeeGems.Option\obj\Release\WeeGems.Option.pdb(J>J 0J_CorDllMainmscoree.dll source: Update.exe, 00000003.00000002.2337346163.0000000003823000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000003.00000002.2337346163.000000000383D000.00000004.00000800.00020000.00000000.sdmp, WeeGems.Option.dll.3.dr
                Source: Binary string: C:\Users\Administrator\code\bf33d5c8-6ccf-5a5d-af63-a4b075d6bb29\1719334951294\build\SourceTree.Api.UI.Wpf\obj\Debug\SourceTree.Api.UI.Wpf.pdb< source: SourceTree.exe, 00000004.00000002.2434288501.000001D7F4352000.00000002.00000001.01000000.00000021.sdmp
                Source: Binary string: C:\Users\Administrator\code\bf33d5c8-6ccf-5a5d-af63-a4b075d6bb29\1719334951294\build\SourceTree.Ui.FileList.MultiColumn.Wpf\obj\Debug\SourceTree.Ui.FileList.MultiColumn.Wpf.pdbXnrn dn_CorDllMainmscoree.dll source: SourceTree.exe, 00000004.00000002.2446905997.000001D7F5152000.00000002.00000001.01000000.0000004C.sdmp, SourceTree.Ui.FileList.MultiColumn.Wpf.dll.3.dr
                Source: Binary string: System.Reactive.pdbSHA256; source: SourceTree.exe, 00000004.00000002.2435844874.000001D7F4572000.00000002.00000001.01000000.00000022.sdmp
                Source: Binary string: 4http://defaultcontainer/lib/net45/Mono.Cecil.Pdb.dll source: SourceTree.exe, 00000004.00000002.2423499610.000001D7DC1F0000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: lib/net45/Mono.Cecil.Pdb.dll0y source: SourceTree.exe, 00000004.00000002.2423499610.000001D7DBE92000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: C:\Dev\vvvv\SVG\Source\obj\Release\Svg.pdb source: Svg.dll.3.dr
                Source: Binary string: c:\Users\Administrator\actions-runner2\_work\sourcetreewin\sourcetreewin\Atlassian.Libraries\Atlassian.PathTrimmingTextBlock\Atlassian.PathTrimmingTextBlock\obj\Release\Atlassian.PathTrimmingTextBlock.pdbH8^8 P8_CorDllMainmscoree.dll source: SourceTree.exe, 00000004.00000002.2440248560.000001D7F4AA2000.00000002.00000001.01000000.0000002F.sdmp
                Source: Binary string: C:\Users\Administrator\code\bf33d5c8-6ccf-5a5d-af63-a4b075d6bb29\1719334951294\build\Sourcetree.Host.Msft.TeamServices\obj\Debug\netstandard2.0\Sourcetree.Host.Msft.TeamServices.pdbSHA256 source: SourceTree.exe, 00000004.00000002.2442486228.000001D7F4C92000.00000002.00000001.01000000.00000044.sdmp, Sourcetree.Host.Msft.TeamServices.dll.3.dr
                Source: Binary string: d:\TCAgents\buildAgent1\work\c81b3924259cf9ee\github\slf4net\obj\Release\slf4net.pdb source: SourceTree.exe, 00000004.00000002.2434234756.000001D7F4342000.00000002.00000001.01000000.00000020.sdmp, slf4net.dll.3.dr
                Source: Binary string: C:\Users\Administrator\code\bf33d5c8-6ccf-5a5d-af63-a4b075d6bb29\1719334951294\build\Sourcetree.Installer.Squirrel.UI\obj\Debug\Sourcetree.Installer.Squirrel.UI.pdb source: SourceTree.exe, 00000004.00000002.2446782077.000001D7F5132000.00000002.00000001.01000000.0000004A.sdmp
                Source: Binary string: C:\Users\Administrator\code\bf33d5c8-6ccf-5a5d-af63-a4b075d6bb29\1719334951294\build\Analytics\SourceTree.Analytics\obj\Debug\SourceTree.Analytics.pdb source: SourceTree.exe, 00000004.00000002.2440466472.000001D7F4AD2000.00000002.00000001.01000000.00000032.sdmp
                Source: Binary string: E:\A\_work\104\s\obj\Microsoft.VisualStudio.Composition\Release\net45\Microsoft.VisualStudio.Composition.pdb!k source: SourceTree.exe, 00000004.00000002.2440529503.000001D7F4AE2000.00000002.00000001.01000000.00000033.sdmp
                Source: Binary string: C:\Users\Administrator\code\763db6d4-2acb-5c63-9de6-7ada1022506a\1713172038208\build\Atlassian.Libraries\Atlassian.FastTree\Atlassian.FastTree\obj\Release\Atlassian.FastTree.pdb source: SourceTree.exe, 00000004.00000002.2433562622.000001D7F42B2000.00000002.00000001.01000000.00000019.sdmp
                Source: Binary string: D:\Documents\GitHub\NotificationsExtensions\Windows 10\NotificationsExtensions.Win10.NETCore\obj\Release\NotificationsExtensions.Win10.pdb source: SourceTree.exe, 00000007.00000002.3952572560.000001D3EEB62000.00000002.00000001.01000000.00000069.sdmp, NotificationsExtensions.Win10.dll.3.dr
                Source: Binary string: Octokit.pdbMPDB source: SourceTree.exe, 00000004.00000002.2450903511.000001D7F5632000.00000002.00000001.01000000.00000061.sdmp
                Source: Binary string: /lib/net45/Mono.Cecil.Pdb.dll source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423499610.000001D7DC1F0000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: c:\b\4741\2186\src\intermediate\System.Threading.Tasks.Dataflow.csproj_1037d191\Release\System.Threading.Tasks.Dataflow.pdb source: Update.exe, 00000003.00000002.2337346163.0000000003928000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: d:\dd\WebToolsExtensions\SDK2.4\intermediate\dev12\Release\Publish\Microsoft.Web.XmlTransform.pdb4: source: Microsoft.Web.XmlTransform.dll.3.dr
                Source: Binary string: C:\Users\Administrator\code\bf33d5c8-6ccf-5a5d-af63-a4b075d6bb29\1719334951294\build\SourceTree.Api.Dvcs\obj\Debug\SourceTree.Api.Dvcs.pdb source: SourceTree.exe, 00000004.00000002.2439915527.000001D7F4A52000.00000002.00000001.01000000.0000002C.sdmp
                Source: Binary string: C:\Users\Administrator\code\bf33d5c8-6ccf-5a5d-af63-a4b075d6bb29\1719334951294\build\SourceTree.Api.Benchmark\obj\Debug\SourceTree.Api.Benchmark.pdb source: SourceTree.exe, 00000004.00000002.2441369987.000001D7F4B92000.00000002.00000001.01000000.00000039.sdmp
                Source: Binary string: /_/src/Logging/Logging.Abstractions/src/obj/Release/netstandard2.0/Microsoft.Extensions.Logging.Abstractions.pdb source: Update.exe, 00000003.00000002.2337346163.000000000399C000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000003.00000002.2337346163.00000000039C2000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423005552.000001D7D9C42000.00000002.00000001.01000000.00000011.sdmp
                Source: Binary string: C:\Users\Administrator\code\bf33d5c8-6ccf-5a5d-af63-a4b075d6bb29\1719334951294\build\SourceTree.Host.Atlassianaccount\obj\Debug\SourceTree.Host.AtlassianAccount.pdb source: SourceTree.exe, 00000004.00000002.2441882463.000001D7F4C02000.00000002.00000001.01000000.00000040.sdmp
                Source: Binary string: C:\Users\Administrator\code\bf33d5c8-6ccf-5a5d-af63-a4b075d6bb29\1719334951294\build\Sourcetree.Localisation\obj\Debug\netstandard2.0\SourceTree.Localisation.pdbSHA256, source: SourceTree.exe, 00000004.00000002.2439314630.000001D7F49A2000.00000002.00000001.01000000.0000002A.sdmp, SourceTree.Localisation.dll.3.dr
                Source: Binary string: /_/src/Logging/Logging.Console/src/obj/Release/netstandard2.0/Microsoft.Extensions.Logging.Console.pdbSHA256 source: Update.exe, 00000003.00000002.2337346163.00000000039F4000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000003.00000002.2337346163.0000000003A0D000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423340776.000001D7DB562000.00000002.00000001.01000000.00000013.sdmp, Microsoft.Extensions.Logging.Console.dll.3.dr
                Source: Binary string: /_/src/Logging/Logging/src/obj/Release/netstandard2.0/Microsoft.Extensions.Logging.pdbSHA256 source: Update.exe, 00000003.00000002.2337346163.00000000033B9000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423277919.000001D7DB552000.00000002.00000001.01000000.00000012.sdmp
                Source: Binary string: /_/src/GongSolutions.WPF.DragDrop/obj/Release/net48/GongSolutions.WPF.DragDrop.pdb source: SourceTree.exe, 00000004.00000002.2448135668.000001D7F5322000.00000002.00000001.01000000.00000055.sdmp
                Source: Binary string: D:\a\sourcetree-assets\sourcetree-assets\SourceTree.UI.Theme.Wpf\SourceTree.UI.Theme.Wpf\obj\Release\SourceTree.UI.Theme.Wpf.pdb source: SourceTree.exe, 00000004.00000002.2442823138.000001D7F500C000.00000002.00000001.01000000.00000047.sdmp
                Source: Binary string: c:\BuildAgent\work\220dc32f273423f2\Tooling\obj\Release\System.Net.Http.Formatting\System.Net.Http.Formatting.pdb source: Update.exe, 00000003.00000002.2337346163.0000000003883000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000003.00000002.2337346163.00000000038A9000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: ReactiveUI.WPF.pdbSHA256" source: SourceTree.exe, 00000004.00000002.2433396437.000001D7F40C2000.00000002.00000001.01000000.00000018.sdmp
                Source: Binary string: c:\Users\Matthew.Davey\Dropbox\Checkouts\WeeGems\WeeGems.Require\obj\Release\WeeGems.Require.pdb@:^: P:_CorDllMainmscoree.dll source: Update.exe, 00000003.00000002.2337346163.00000000034A8000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000003.00000002.2337346163.00000000034C7000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2433207494.000001D7F3E02000.00000002.00000001.01000000.00000017.sdmp
                Source: Binary string: /_/src/Logging/Logging/src/obj/Release/netstandard2.0/Microsoft.Extensions.Logging.pdb source: Update.exe, 00000003.00000002.2337346163.00000000033B9000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423277919.000001D7DB552000.00000002.00000001.01000000.00000012.sdmp
                Source: Binary string: E:\A\_work\39\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.Collections.Immutable\netstandard\System.Collections.Immutable.pdbSHA256* source: SourceTree.exe, 00000004.00000002.2447464343.000001D7F5212000.00000002.00000001.01000000.00000052.sdmp
                Source: Binary string: C:\projects\libgit2sharp-nativebinaries\libgit2\build\build64\RelWithDebInfo\git2-106a5f2.pdb source: git2-106a5f2.dll.3.dr
                Source: Binary string: C:\Users\Administrator\code\bf33d5c8-6ccf-5a5d-af63-a4b075d6bb29\1719334951294\build\stree_gri\obj\Debug\stree_gri.pdb source: stree_gri.exe.3.dr
                Source: Binary string: C:\Users\Administrator\code\bf33d5c8-6ccf-5a5d-af63-a4b075d6bb29\1719334951294\build\SourceTree.Dvcs.Git\obj\Debug\SourceTree.Dvcs.Git.pdb source: SourceTree.exe, 00000004.00000002.2441961915.000001D7F4C12000.00000002.00000001.01000000.00000041.sdmp
                Source: Binary string: C:\Users\Administrator\code\bf33d5c8-6ccf-5a5d-af63-a4b075d6bb29\1719334951294\build\Sourcetree.Api.Framework\obj\Debug\Sourcetree.Api.Framework.pdb source: SourceTree.exe, 00000004.00000002.2441452133.000001D7F4BA2000.00000002.00000001.01000000.0000003A.sdmp
                Source: Binary string: C:\Users\Administrator\code\bf33d5c8-6ccf-5a5d-af63-a4b075d6bb29\1719334951294\build\Sourcetree.Installer.Squirrel\obj\Debug\Sourcetree.Installer.Squirrel.pdb source: SourceTree.exe, 00000004.00000002.2442714316.000001D7F4CC2000.00000002.00000001.01000000.00000046.sdmp
                Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdbSHA256 source: SourceTree.exe, 00000004.00000002.2449649910.000001D7F54A2000.00000002.00000001.01000000.0000005E.sdmp, Newtonsoft.Json.dll.3.dr
                Source: Binary string: /_/src/GongSolutions.WPF.DragDrop/obj/Release/net48/GongSolutions.WPF.DragDrop.pdbSHA256 source: SourceTree.exe, 00000004.00000002.2448135668.000001D7F5322000.00000002.00000001.01000000.00000055.sdmp
                Source: Binary string: C:\Users\Administrator\code\bf33d5c8-6ccf-5a5d-af63-a4b075d6bb29\1719334951294\build\SourceTree.Dvcs.None\obj\Debug\SourceTree.Dvcs.None.pdb source: SourceTree.exe, 00000004.00000002.2441785716.000001D7F4BF2000.00000002.00000001.01000000.0000003F.sdmp
                Source: Binary string: ReactiveUI.WPF.pdb source: SourceTree.exe, 00000004.00000002.2433396437.000001D7F40C2000.00000002.00000001.01000000.00000018.sdmp
                Source: Binary string: /_/src/Primitives/src/obj/Release/netstandard2.0/Microsoft.Extensions.Primitives.pdb source: SourceTree.exe, 00000004.00000002.2438899966.000001D7F4942000.00000002.00000001.01000000.00000024.sdmp
                Source: Binary string: C:\Users\Administrator\code2\ae3e0d9d-8f1c-53dc-b46b-65dce19487a8\1677043917973\build\Bitbucket.Libraries\BitbucKitServer.Net\BitbucKitServer.Net.Refit\obj\Release\BitbucKitServer.Net.Refit.pdb source: SourceTree.exe, 00000004.00000002.2433092664.000001D7F3DF2000.00000002.00000001.01000000.00000016.sdmp
                Source: Binary string: C:\projects\gitlabapiclient\src\GitLabApiClient\obj\Release\netstandard2.0\GitLabApiClient.pdb source: SourceTree.exe, 00000004.00000002.2449464204.000001D7F5462000.00000002.00000001.01000000.0000005D.sdmp
                Source: Binary string: c:\Users\Administrator\actions-runner2\_work\sourcetreewin\sourcetreewin\Atlassian.Libraries\Atlassian.Utilities\Atlassian.Utilities\obj\Release\Atlassian.Utilities.pdb source: SourceTree.exe, 00000004.00000002.2440307772.000001D7F4AB2000.00000002.00000001.01000000.00000030.sdmp
                Source: Binary string: C:\Users\Administrator\code\bf33d5c8-6ccf-5a5d-af63-a4b075d6bb29\1719334951294\build\SourceTree.Ui.FileListContainer.Split.Wpf\obj\Debug\SourceTree.Ui.FileListContainer.Split.Wpf.pdb source: SourceTree.exe, 00000004.00000002.2447311337.000001D7F51B2000.00000002.00000001.01000000.00000051.sdmp
                Source: Binary string: c:\projects\bitbucket.org\atlassianlabs\askpass\Askpass.UI.Wpf\obj\Release\Askpass.UI.Wpf.pdbH source: Askpass.UI.Wpf.dll.3.dr
                Source: Binary string: C:\Users\Administrator\code\bf33d5c8-6ccf-5a5d-af63-a4b075d6bb29\1719334951294\build\Microsoft.Alm\obj\Debug\Microsoft.Alm.pdb source: Microsoft.Alm.dll.3.dr
                Source: Binary string: /_/src/Configuration/Config/src/obj/Release/netstandard2.0/Microsoft.Extensions.Configuration.pdbSHA256 source: SourceTree.exe, 00000004.00000002.2433921178.000001D7F4302000.00000002.00000001.01000000.0000001D.sdmp
                Source: Binary string: C:\Users\Administrator\code\763db6d4-2acb-5c63-9de6-7ada1022506a\1713172038208\build\Bitbucket.Libraries\Bitbucket.Net\BitbucKit.Net.Api\obj\Release\netstandard2.0\BitbucKit.Net.Api.pdb source: SourceTree.exe, 00000004.00000002.2448014407.000001D7F5312000.00000002.00000001.01000000.00000054.sdmp, BitbucKit.Net.Api.dll.3.dr
                Source: Binary string: C:\Users\Administrator\code\763db6d4-2acb-5c63-9de6-7ada1022506a\1713172038208\build\Bitbucket.Libraries\Bitbucket.Net\BitbucKit.Net.Api\obj\Release\netstandard2.0\BitbucKit.Net.Api.pdbSHA256R source: SourceTree.exe, 00000004.00000002.2448014407.000001D7F5312000.00000002.00000001.01000000.00000054.sdmp, BitbucKit.Net.Api.dll.3.dr
                Source: Binary string: C:\Users\Administrator\code\bf33d5c8-6ccf-5a5d-af63-a4b075d6bb29\1719334951294\build\SourceTree.Host.Bitbucket.Server\obj\Debug\SourceTree.Host.Bitbucket.Server.pdb source: SourceTree.exe, 00000004.00000002.2446605100.000001D7F50F2000.00000002.00000001.01000000.00000048.sdmp
                Source: Binary string: /_/src/Logging/Logging.Abstractions/src/obj/Release/netstandard2.0/Microsoft.Extensions.Logging.Abstractions.pdbSHA256 source: Update.exe, 00000003.00000002.2337346163.000000000399C000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000003.00000002.2337346163.00000000039C2000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423005552.000001D7D9C42000.00000002.00000001.01000000.00000011.sdmp
                Source: Binary string: C:\projects\libgit2sharp-nativebinaries\libgit2\build\build64\RelWithDebInfo\git2-106a5f2.pdb| source: git2-106a5f2.dll.3.dr
                Source: Binary string: /LIB/NET45/MONO.CECIL.PDB.DLL source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423499610.000001D7DC1F0000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: C:\Users\Administrator\code\bf33d5c8-6ccf-5a5d-af63-a4b075d6bb29\1719334951294\build\SourceTree.Api\obj\Debug\netstandard2.0\SourceTree.Api.pdb source: SourceTree.exe, 00000004.00000002.2423381219.000001D7DB572000.00000002.00000001.01000000.00000014.sdmp
                Source: Binary string: c:\TeamCity\buildAgent\work\1aad0b52fc40d6db\src\Core\obj\Release\NuGet.Core.pdb source: SourceTree.exe, 00000004.00000002.2455794809.000001D7F5CB2000.00000002.00000001.01000000.00000066.sdmp
                Source: Binary string: Octokit.pdb source: SourceTree.exe, 00000004.00000002.2450903511.000001D7F5632000.00000002.00000001.01000000.00000061.sdmp
                Source: Binary string: C:\Users\Administrator\code\bf33d5c8-6ccf-5a5d-af63-a4b075d6bb29\1719334951294\build\SourceTree.Api.Account.OAuth.TwoZero\obj\Debug\SourceTree.Api.Account.OAuth.TwoZero.pdb source: SourceTree.exe, 00000004.00000002.2441120442.000001D7F4B62000.00000002.00000001.01000000.00000036.sdmp, SourceTree.Api.Account.OAuth.TwoZero.dll.3.dr
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe Code function: 4x nop then jmp 00007FF848F3A8F1h 4_2_00007FF848F3A838
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe Code function: 4x nop then jmp 00007FF849E44870h 4_2_00007FF849E446E5
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe Code function: 4x nop then jmp 00007FF849E44666h 4_2_00007FF849E444D6
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe Code function: 4x nop then jmp 00007FF849E41606h 4_2_00007FF849E4144E
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe Code function: 4x nop then jmp 00007FF849E43DA2h 4_2_00007FF849E43C01
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe Code function: 4x nop then dec eax 4_2_00007FF849E426D0
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe Code function: 4x nop then dec eax 4_2_00007FF849E427AE
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe Code function: 4x nop then jmp 00007FF848F2A871h 7_2_00007FF848F2A7A5
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe Code function: 4x nop then dec eax 7_2_00007FF849AE476D

                Networking

                Source: Yara match File source: Update.exe, type: SAMPLE
                Source: Yara match File source: 4.2.SourceTree.exe.1d7f5cb0000.86.unpack, type: UNPACKEDPE
                Source: Yara match File source: 3.0.Update.exe.f80000.0.unpack, type: UNPACKEDPE
                Source: Yara match File source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\RestSharp.dll, type: DROPPED
                Source: Yara match File source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Nuget.Core.dll, type: DROPPED
                Source: Yara match File source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe, type: DROPPED
                Source: Yara match File source: C:\Users\user\AppData\Local\SourceTree\Update.exe, type: DROPPED
                Source: global traffic HTTP traffic detected: GET /software/sourcetree/windows/ga/sourcetree_ga.ico HTTP/1.1 Host: product-downloads.atlassian.com Connection: Keep-Alive
                Source: global traffic HTTP traffic detected: GET /software/sourcetree/windows/ga/RELEASES?id=SourceTree&localVersion=3.4.19&arch=amd64 HTTP/1.1 Host: product-downloads.atlassian.com Connection: Keep-Alive
                Source: Joe Sandbox View JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: global traffic DNS traffic detected: DNS query: product-downloads.atlassian.com
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/Microsoft.Extensions.Logging.Console.dlld
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423499610.000001D7DC1F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/Microsoft.Extensions.Options.dll
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/Microsoft.Extensions.Options.dlld
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423499610.000001D7DC1F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/Microsoft.Extensions.Primitives.dll
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/Microsoft.Extensions.Primitives.dlld
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423499610.000001D7DC1F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/Microsoft.IdentityModel.Clients.ActiveDirectory.Platform.dll
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/Microsoft.IdentityModel.Clients.ActiveDirectory.Platform.dlld
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423499610.000001D7DC1F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/Microsoft.IdentityModel.Clients.ActiveDirectory.dll
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/Microsoft.IdentityModel.Clients.ActiveDirectory.dlld
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423499610.000001D7DC1F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/Microsoft.IdentityModel.Logging.dll
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/Microsoft.IdentityModel.Logging.dlld
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423499610.000001D7DC1F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/Microsoft.TeamFoundation.Build.Client.dll
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/Microsoft.TeamFoundation.Build.Client.dlld
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423499610.000001D7DC1F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/Microsoft.TeamFoundation.Build.Common.dll
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/Microsoft.TeamFoundation.Build.Common.dlld
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423499610.000001D7DC1F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/Microsoft.TeamFoundation.Build2.WebApi.dll
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/Microsoft.TeamFoundation.Build2.WebApi.dlld
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423499610.000001D7DC1F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/Microsoft.TeamFoundation.Client.dll
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/Microsoft.TeamFoundation.Client.dlld
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423499610.000001D7DC1F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/Microsoft.TeamFoundation.Common.dll
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/Microsoft.TeamFoundation.Common.dlld
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423499610.000001D7DC1F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/Microsoft.TeamFoundation.DeleteTeamProject.dll
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/Microsoft.TeamFoundation.DeleteTeamProject.dlld
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423499610.000001D7DC1F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/Microsoft.TeamFoundation.Diff.dll
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/Microsoft.TeamFoundation.Diff.dlld
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423499610.000001D7DC1F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/Microsoft.TeamFoundation.Discussion.Client.dll
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/Microsoft.TeamFoundation.Discussion.Client.dlld
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423499610.000001D7DC1F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/Microsoft.TeamFoundation.DistributedTask.Common.Contracts.dll
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/Microsoft.TeamFoundation.DistributedTask.Common.Contracts.dlld
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423499610.000001D7DC1F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/Microsoft.TeamFoundation.Git.Client.dll
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/Microsoft.TeamFoundation.Git.Client.dlld
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423499610.000001D7DC1F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/Microsoft.TeamFoundation.Lab.Common.dll
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/Microsoft.TeamFoundation.Lab.Common.dlld
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423499610.000001D7DC1F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/Microsoft.TeamFoundation.Lab.TestIntegration.Client.dll
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/Microsoft.TeamFoundation.Lab.TestIntegration.Client.dlld
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423499610.000001D7DC1F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/Microsoft.TeamFoundation.Lab.WorkflowIntegration.Client.dll
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/Microsoft.TeamFoundation.Lab.WorkflowIntegration.Client.dlld
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423499610.000001D7DC1F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/Microsoft.TeamFoundation.Policy.WebApi.dll
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/Microsoft.TeamFoundation.Policy.WebApi.dlld
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423499610.000001D7DC1F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/Microsoft.TeamFoundation.ProjectManagement.dll
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/Microsoft.TeamFoundation.ProjectManagement.dlld
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423499610.000001D7DC1F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/Microsoft.TeamFoundation.SourceControl.WebApi.dll
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/Microsoft.TeamFoundation.SourceControl.WebApi.dlld
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423499610.000001D7DC1F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/Microsoft.TeamFoundation.Test.WebApi.dll
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/Microsoft.TeamFoundation.Test.WebApi.dlld
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423499610.000001D7DC1F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/Microsoft.TeamFoundation.TestImpact.Client.dll
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/Microsoft.TeamFoundation.TestImpact.Client.dlld
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423499610.000001D7DC1F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/Microsoft.TeamFoundation.TestManagement.Client.dll
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/Microsoft.TeamFoundation.TestManagement.Client.dlld
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423499610.000001D7DC1F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/Microsoft.TeamFoundation.TestManagement.Common.dll
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/Microsoft.TeamFoundation.TestManagement.Common.dlld
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423499610.000001D7DC1F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/Microsoft.TeamFoundation.TestManagement.WebApi.dll
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/Microsoft.TeamFoundation.TestManagement.WebApi.dlld
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423499610.000001D7DC1F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/Microsoft.TeamFoundation.VersionControl.Client.dll
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/Microsoft.TeamFoundation.VersionControl.Client.dlld
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423499610.000001D7DC1F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/Microsoft.TeamFoundation.VersionControl.Common.Integration.dll
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/Microsoft.TeamFoundation.VersionControl.Common.Integration.dlld
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423499610.000001D7DC1F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/Microsoft.TeamFoundation.Wiki.WebApi.dll
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/Microsoft.TeamFoundation.Wiki.WebApi.dlld
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423499610.000001D7DC1F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/Microsoft.TeamFoundation.Work.WebApi.dll
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/Microsoft.TeamFoundation.Work.WebApi.dlld
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423499610.000001D7DC1F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/Microsoft.TeamFoundation.WorkItemTracking.Client.DataStoreLoader.d
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423499610.000001D7DC1F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/Microsoft.TeamFoundation.WorkItemTracking.Client.QueryLanguage.dll
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423499610.000001D7DC1F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/Microsoft.TeamFoundation.WorkItemTracking.Proxy.dll
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/Microsoft.TeamFoundation.WorkItemTracking.Proxy.dlld
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423499610.000001D7DC1F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/Microsoft.TeamFoundation.WorkItemTracking.WebApi.dll
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/Microsoft.TeamFoundation.WorkItemTracking.WebApi.dlld
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423499610.000001D7DC1F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/Microsoft.VisualStudio.Composition.dll
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/Microsoft.VisualStudio.Composition.dlld
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423499610.000001D7DC1F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/Microsoft.VisualStudio.Services.Common.dll
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/Microsoft.VisualStudio.Services.Common.dlld
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423499610.000001D7DC1F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/Microsoft.VisualStudio.Services.WebApi.dll
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/Microsoft.VisualStudio.Services.WebApi.dlld
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423499610.000001D7DC1F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/Microsoft.VisualStudio.Validation.dll
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/Microsoft.VisualStudio.Validation.dlld
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423499610.000001D7DC1F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/Microsoft.WindowsAPICodePack.Shell.dll
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/Microsoft.WindowsAPICodePack.Shell.dlld
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423499610.000001D7DC1F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/Mono.Cecil.Mdb.dll
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/Mono.Cecil.Mdb.dlld
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423499610.000001D7DC1F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/Mono.Cecil.Pdb.dll
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/Mono.Cecil.Pdb.dlld
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423499610.000001D7DC1F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/Mono.Cecil.Rocks.dll
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/Mono.Cecil.Rocks.dlld
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423499610.000001D7DC1F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/Mono.Cecil.dll
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/Mono.Cecil.dlld
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423499610.000001D7DC1F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/MvvmValidation.dll
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/MvvmValidation.dlld
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423499610.000001D7DC1F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/Nito.AsyncEx.Tasks.dll
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/Nito.AsyncEx.Tasks.dlld
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423499610.000001D7DC1F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/Nito.Disposables.dll
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/Nito.Disposables.dlld
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423499610.000001D7DC1F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/NuGet.Squirrel.dll
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/NuGet.Squirrel.dlld
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423499610.000001D7DC1F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/Nuget.Core.dll
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/Nuget.Core.dlld
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423499610.000001D7DC1F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/Octokit.dll
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/Octokit.dlld
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423499610.000001D7DC1F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/ReactiveUI.dll
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/ReactiveUI.dlld
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423499610.000001D7DC1F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/extras/licenses/PuTTY.htm
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/extras/licenses/PuTTY.htmd
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423499610.000001D7DC1F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/extras/licenses/WPFConverters.htm
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/extras/licenses/WPFConverters.htmd
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423499610.000001D7DC1F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/extras/licenses/octokit.net.htm
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/extras/licenses/octokit.net.htmd
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423499610.000001D7DC1F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/extras/licenses/slf4net.htm
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/extras/licenses/slf4net.htmd
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423499610.000001D7DC1F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/extras/mcmw-v1.11.96.zip
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/extras/mcmw-v1.11.96.zipd
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423499610.000001D7DC1F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/fr/SourceTree.Localisation.resources.dll
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/fr/SourceTree.Localisation.resources.dlld
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423499610.000001D7DC1F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/icons/Notification/SourceTree.ico
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/icons/Notification/SourceTree.icod
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423499610.000001D7DC1F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/id/SourceTree.Localisation.resources.dll
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/id/SourceTree.Localisation.resources.dlld
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423499610.000001D7DC1F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/it-IT/SourceTree.Localisation.resources.dll
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/it-IT/SourceTree.Localisation.resources.dlld
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423499610.000001D7DC1F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/ja/SourceTree.Localisation.resources.dll
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/ja/SourceTree.Localisation.resources.dlld
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423499610.000001D7DC1F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/ko/SourceTree.Localisation.resources.dll
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/ko/SourceTree.Localisation.resources.dlld
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423499610.000001D7DC1F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/lib/win32/x86/git2-106a5f2.dll
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/lib/win32/x86/git2-106a5f2.dlld
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423499610.000001D7DC1F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/log4net.Alpha.config
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/log4net.Alpha.configd
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423499610.000001D7DC1F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/log4net.Beta.config
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/log4net.Beta.configd
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423499610.000001D7DC1F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/log4net.Custom.config
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/log4net.Custom.configd
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423499610.000001D7DC1F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/log4net.Portable.config
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/log4net.Portable.configd
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423499610.000001D7DC1F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/pt-BR/SourceTree.Localisation.resources.dll
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/pt-BR/SourceTree.Localisation.resources.dlld
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423499610.000001D7DC1F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/ru/SourceTree.Localisation.resources.dll
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/ru/SourceTree.Localisation.resources.dlld
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423499610.000001D7DC1F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/slf4net.dll
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/slf4net.dlld
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423499610.000001D7DC1F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/slf4net.log4net.dll
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/slf4net.log4net.dlld
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423499610.000001D7DC1F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/tools/7z.dll
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/tools/7z.dlld
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423499610.000001D7DC1F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/tools/Askpass.UI.Wpf.dll
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/tools/Askpass.UI.Wpf.dlld
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423499610.000001D7DC1F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/tools/Askpass.exe
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/tools/Askpass.exed
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423499610.000001D7DC1F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/tools/SourceTreeShared.dll
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/tools/SourceTreeShared.dlld
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423499610.000001D7DC1F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/tools/getopt.exe
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/tools/getopt.exed
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423499610.000001D7DC1F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/tools/libintl3.dll
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/tools/libintl3.dlld
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423499610.000001D7DC1F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/tools/openssh_add.cmd
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/tools/openssh_add.cmdd
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423499610.000001D7DC1F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/tools/patch-2.6.1-1-msys-1.0.13-src.tar.lzma
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/tools/patch-2.6.1-1-msys-1.0.13-src.tar.lzmad
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423499610.000001D7DC1F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/tools/patch.exe
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423499610.000001D7DC1F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/tools/patch.exe.manifest
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/tools/patch.exe.manifestd
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/tools/patch.exed
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423499610.000001D7DC1F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/tools/putty/pageant.exe
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/tools/putty/pageant.exed
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423499610.000001D7DC1F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/tools/putty/plink.exe
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/tools/putty/plink.exed
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423499610.000001D7DC1F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/tools/putty/puttygen.exe
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/tools/putty/puttygen.exed
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423499610.000001D7DC1F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/tools/stree_gri.exe
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/tools/stree_gri.exed
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423499610.000001D7DC1F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/tools/svn.pl
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/lib/net45/tools/svn.pld
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423499610.000001D7DC2AA000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423499610.000001D7DC1F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/package/services/metadata/core-properties/d339c8078e8e44f2a5d38387e21dd88a.p
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423499610.000001D7DC1F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/tempfiles/sample.7z
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/tempfiles/sample.7zd
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423499610.000001D7DC1F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/tempfiles/sample.bsdiff
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/tempfiles/sample.bsdiffd
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423499610.000001D7DC1F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/tempfiles/sample.cmd
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/tempfiles/sample.cmdd
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423499610.000001D7DC1F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/tempfiles/sample.config
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/tempfiles/sample.configd
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423499610.000001D7DC1F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/tempfiles/sample.diff
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/tempfiles/sample.diffd
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423499610.000001D7DC1F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/tempfiles/sample.dll
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/tempfiles/sample.dlld
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423499610.000001D7DC1F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/tempfiles/sample.exe
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/tempfiles/sample.exed
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423499610.000001D7DC1F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/tempfiles/sample.htm
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/tempfiles/sample.htmd
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423499610.000001D7DC1F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/tempfiles/sample.html
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/tempfiles/sample.htmld
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423499610.000001D7DC1F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/tempfiles/sample.ico
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/tempfiles/sample.icod
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423499610.000001D7DC1F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/tempfiles/sample.lzma
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/tempfiles/sample.lzmad
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423499610.000001D7DC1F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/tempfiles/sample.manifest
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/tempfiles/sample.manifestd
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423499610.000001D7DC1F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/tempfiles/sample.nuspec
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/tempfiles/sample.nuspecd
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423499610.000001D7DC1F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/tempfiles/sample.pdf
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/tempfiles/sample.pdfd
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423499610.000001D7DC1F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/tempfiles/sample.pl
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/tempfiles/sample.pld
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423499610.000001D7DC1F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/tempfiles/sample.png
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/tempfiles/sample.pngd
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423499610.000001D7DC1F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/tempfiles/sample.psmdcp
                Source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/tempfiles/sample.psmdcpd
                Source: Update.exe, 00000003.00000002.2342993066.00000000043B1000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000000.2105900715.000001D7D9812000.00000002.00000001.01000000.00000007.sdmp, SourceTree.exe.3.drString found in binary or memory: https://www.transifex.com/projects/p/sourcetree-for-windows/?
                Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49721
                Source: unknown Network traffic detected: HTTP traffic on port 49721 -> 443
                Source: unknown Network traffic detected: HTTP traffic on port 49713 -> 443
                Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49713
                Source: unknown HTTPS traffic detected: 3.161.73.137:443 -> 192.168.2.5:49713 version: TLS 1.2
                Source: unknown HTTPS traffic detected: 3.161.73.137:443 -> 192.168.2.5:49721 version: TLS 1.2
                Source: Joe Sandbox View Dropped File: C:\Users\user\AppData\Local\SourceTree\Update.exe EDB23A210132682D4C150003D6E02A3D894D82EF018FDF986FBF9BEB6B5D68FA
                Source: SourceTreeSetup-3.4.19.exe Static PE information: Resource name: DATA type: Zip archive data, at least v2.0 to extract, compression method=deflate
                Source: SourceTreeSetup-3.4.19.exe, 00000001.00000003.2053614545.0000000002900000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameUpdate.exe. vs SourceTreeSetup-3.4.19.exe
                Source: SourceTreeSetup-3.4.19.exe, 00000001.00000003.2053614545.00000000028F2000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameUpdate.exe. vs SourceTreeSetup-3.4.19.exe
                Source: SourceTreeSetup-3.4.19.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: Update.exe, 00000003.00000002.2337346163.0000000003942000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: c:\b\4741\2186\src\intermediate\System.Threading.Tasks.Dataflow.csproj_1037d191\Release\System.Threading.Tasks.Dataflow.pdb@w
                Source: SourceTree.exe, 00000004.00000002.2422623874.000001D7D9AC0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: ;.VBp
                Source: Update.exe, 00000003.00000002.2337346163.0000000003942000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000003.00000002.2337346163.0000000003928000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2447827174.000001D7F5262000.00000002.00000001.01000000.00000053.sdmp Binary or memory string: c:\b\4741\2186\src\intermediate\System.Threading.Tasks.Dataflow.csproj_1037d191\Release\System.Threading.Tasks.Dataflow.pdb
                Source: Update.exe, 00000003.00000002.2337346163.0000000003928000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: c:\b\4741\2186\src\intermediate\System.Threading.Tasks.Dataflow.csproj_1037d191\Release\System.Threading.Tasks.Dataflow.pdb
                Source: classification engine Classification label: sus36.troj.evad.winEXE@8/252@1/1
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe Mutant created: NULL
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe Mutant created: \Sessions\1\BaseNamedObjects\C__Users_user_AppData_Local_Atlassian_SourceTree_sourcetree.log_rolling
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe Mutant created: \Sessions\1\BaseNamedObjects\SourceTree_{34C68F3E-F159-462E-9B59-F9A23A0F405A}
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe Mutant created: \Sessions\1\BaseNamedObjects\C__Users_user_AppData_Local_Atlassian_SourceTree_settings.log_rolling
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\Temp\.squirrel-lock-7FD03AB0DF75386580AE5482BAADF2764ECEC87C
                Source: SourceTreeSetup-3.4.19.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File read: C:\Users\user\Desktop\desktop.ini
                Source: C:\Users\user\Desktop\SourceTreeSetup-3.4.19.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                Source: SourceTree.exe, 00000004.00000002.2434288501.000001D7F4352000.00000002.00000001.01000000.00000021.sdmp Binary or memory string: SelectedRowFrom;ScrollLogWhenSelectionChanged7IsSelectingCommitInProgress-SelectingCommitMessage1IncludeWorkingDirChanges-AllowMultipleSelection!AllowContextMenu)CustomActionsCommits
                Source: SourceTreeSetup-3.4.19.exe String found in binary or memory: \need dictionaryinvalid literal/length codeinvalid distance codeinvalid block typeinvalid stored block lengthstoo many length or distance symbolsinvalid bit length repeatoversubscribed dynamic bit lengths treeincomplete dynamic bit lengths treeoversubscribed literal/length treeincomplete literal/length treeoversubscribed distance treeincomplete distance treeempty distance tree with lengthsunknown compression methodinvalid window sizeincorrect header checkincorrect data check\..\\..//..//..\UT%s%s%s%s%sOpen Setup LogCloseInstallation has failedSquirrelSQUIRREL_TEMP%s%s\%sUnable to write to %s - IT policies may be restricting access to this folder\SquirrelTemp%s\SquirrelSetup.logDATAUpdate.exe"%s" --install . %sThere was an error while installing the application. Check the setup log for more information and contact the author.Failed to extract installervector<T> too longi
                Source: unknown Process created: C:\Users\user\Desktop\SourceTreeSetup-3.4.19.exe "C:\Users\user\Desktop\SourceTreeSetup-3.4.19.exe"
                Source: unknown Process created: C:\Users\user\Desktop\SourceTreeSetup-3.4.19.exe "C:\Users\user\Desktop\SourceTreeSetup-3.4.19.exe" --rerunningWithoutUAC
                Source: C:\Users\user\Desktop\SourceTreeSetup-3.4.19.exe Process created: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe "C:\Users\user\AppData\Local\SquirrelTemp\Update.exe" --install . --rerunningWithoutUAC
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Process created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe "C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe" --squirrel-install 3.4.19
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Process created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe "C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe" --squirrel-firstrun
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeSection loaded: windowscodecs.dllJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeSection loaded: textinputframework.dllJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeSection loaded: coreuicomponents.dllJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeSection loaded: coremessaging.dllJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeSection loaded: ntmarta.dllJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeSection loaded: coremessaging.dllJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeSection loaded: wintypes.dllJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeSection loaded: wintypes.dllJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeSection loaded: wintypes.dllJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeSection loaded: urlmon.dllJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeSection loaded: iertutil.dllJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeSection loaded: srvcli.dllJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeSection loaded: netutils.dllJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeSection loaded: propsys.dllJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeSection loaded: msasn1.dllJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeSection loaded: riched20.dllJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeSection loaded: usp10.dllJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeSection loaded: msls31.dllJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeSection loaded: gpapi.dllJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeSection loaded: mswsock.dllJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeSection loaded: napinsp.dllJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeSection loaded: pnrpnsp.dllJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeSection loaded: wshbth.dllJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeSection loaded: nlaapi.dllJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeSection loaded: iphlpapi.dllJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeSection loaded: dnsapi.dllJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeSection loaded: winrnr.dllJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeSection loaded: dwmapi.dllJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeSection loaded: d3d9.dllJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeSection loaded: d3d10warp.dllJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeSection loaded: wtsapi32.dllJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeSection loaded: winsta.dllJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeSection loaded: powrprof.dllJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeSection loaded: umpdc.dllJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeSection loaded: dataexchange.dllJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeSection loaded: d3d11.dllJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeSection loaded: dcomp.dllJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeSection loaded: dxgi.dllJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeSection loaded: twinapi.appcore.dllJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeSection loaded: resourcepolicyclient.dllJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeSection loaded: dxcore.dllJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeSection loaded: textshaping.dllJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeSection loaded: msctfui.dllJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeSection loaded: uiautomationcore.dllJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeSection loaded: d3dcompiler_47.dllJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeSection loaded: rasapi32.dllJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeSection loaded: rasman.dllJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeSection loaded: rtutils.dllJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeSection loaded: winhttp.dllJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeSection loaded: dhcpcsvc6.dllJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeSection loaded: dhcpcsvc.dllJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeSection loaded: winnsi.dllJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeSection loaded: rasadhlp.dllJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeSection loaded: fwpuclnt.dllJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeSection loaded: secur32.dllJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeSection loaded: schannel.dllJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeSection loaded: mskeyprotect.dllJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeSection loaded: ntasn1.dllJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeSection loaded: ncrypt.dllJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeSection loaded: ncryptsslp.dllJump to behavior
                Source: C:\Users\user\Desktop\SourceTreeSetup-3.4.19.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32
                Source: Window Recorder Window detected: More than 3 window changes detected
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SourceTree
                Source: SourceTreeSetup-3.4.19.exe Static PE information: certificate valid
                Source: SourceTreeSetup-3.4.19.exe Static file information: File size 24789968 > 1048576
                Source: SourceTreeSetup-3.4.19.exe Static PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x177a400
                Source: SourceTreeSetup-3.4.19.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
                Source: SourceTreeSetup-3.4.19.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
                Source: SourceTreeSetup-3.4.19.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
                Source: SourceTreeSetup-3.4.19.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                Source: SourceTreeSetup-3.4.19.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
                Source: SourceTreeSetup-3.4.19.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
                Source: SourceTreeSetup-3.4.19.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdb source: SourceTree.exe, 00000004.00000002.2449649910.000001D7F54A2000.00000002.00000001.01000000.0000005E.sdmp, Newtonsoft.Json.dll.3.dr
                Source: Binary string: D:\V2.0\A1\_work\44\obj\Release.AnyCPU\Tfs.Client\MS.TF.SourceControl.WebApi\Microsoft.TeamFoundation.SourceControl.WebApi.pdb source: SourceTree.exe, 00000004.00000002.2454946478.000001D7F5AA2000.00000002.00000001.01000000.00000065.sdmp
                Source: Binary string: System.Reactive.pdb source: SourceTree.exe, 00000004.00000002.2435844874.000001D7F4572000.00000002.00000001.01000000.00000022.sdmp
                Source: Binary string: Splat.pdb source: SourceTree.exe, 00000004.00000002.2448339623.000001D7F5342000.00000002.00000001.01000000.00000056.sdmp
                Source: Binary string: C:\projects\dragablz\Dragablz\obj\Release\net45\Dragablz.pdbSHA256 source: SourceTree.exe, 00000004.00000002.2438673026.000001D7F48B2000.00000002.00000001.01000000.00000023.sdmp
                Source: Binary string: C:\Users\Administrator\code\bf33d5c8-6ccf-5a5d-af63-a4b075d6bb29\1719334951294\build\SourceTree.Api.Host.Scm\obj\Debug\SourceTree.Api.Host.Scm.pdb source: SourceTree.exe, 00000004.00000002.2441592815.000001D7F4BC2000.00000002.00000001.01000000.0000003C.sdmp, SourceTree.Api.Host.Scm.dll.3.dr
                Source: Binary string: C:\projects\dragablz\Dragablz\obj\Release\net45\Dragablz.pdb source: SourceTree.exe, 00000004.00000002.2438673026.000001D7F48B2000.00000002.00000001.01000000.00000023.sdmp
                Source: Binary string: C:\Users\Administrator\code\bf33d5c8-6ccf-5a5d-af63-a4b075d6bb29\1719334951294\build\SourceTree.Api.Host\obj\Debug\SourceTree.Api.Host.pdblH source: SourceTree.exe, 00000004.00000002.2439097863.000001D7F4972000.00000002.00000001.01000000.00000027.sdmp
                Source: Binary string: C:\Users\Administrator\code\bf33d5c8-6ccf-5a5d-af63-a4b075d6bb29\1719334951294\build\SourceTree.Api.UI.Wpf\obj\Debug\SourceTree.Api.UI.Wpf.pdb source: SourceTree.exe, 00000004.00000002.2434288501.000001D7F4352000.00000002.00000001.01000000.00000021.sdmp
                Source: Binary string: C:\Users\Administrator\code\bf33d5c8-6ccf-5a5d-af63-a4b075d6bb29\1719334951294\build\SourceTree.Dvcs.Hg.Ui.Wpf\obj\Debug\SourceTree.Dvcs.Hg.Ui.Wpf.pdbPUjU \U_CorDllMainmscoree.dll source: SourceTree.exe, 00000004.00000002.2441723940.000001D7F4BE2000.00000002.00000001.01000000.0000003E.sdmp
                Source: Binary string: C:\Users\Administrator\code\bf33d5c8-6ccf-5a5d-af63-a4b075d6bb29\1719334951294\build\Analytics\SourceTree.Analytics\obj\Debug\SourceTree.Analytics.pdbw] source: SourceTree.exe, 00000004.00000002.2440466472.000001D7F4AD2000.00000002.00000001.01000000.00000032.sdmp
                Source: Binary string: C:\Users\Administrator\code\bf33d5c8-6ccf-5a5d-af63-a4b075d6bb29\1719334951294\build\SourceTree.Ui.FileList.MultiColumn.Wpf\obj\Debug\SourceTree.Ui.FileList.MultiColumn.Wpf.pdb source: SourceTree.exe, 00000004.00000002.2446905997.000001D7F5152000.00000002.00000001.01000000.0000004C.sdmp, SourceTree.Ui.FileList.MultiColumn.Wpf.dll.3.dr
                Source: Binary string: C:\Users\Administrator\actions-runner2\_work\sourcetreewin\sourcetreewin\Atlassian.Libraries\Atlassian.GutenbergTextView\GutenbergTextView\obj\Release\Atlassian.GutenbergTextView.pdb, source: SourceTree.exe, 00000004.00000002.2440161177.000001D7F4A92000.00000002.00000001.01000000.0000002E.sdmp
                Source: Binary string: /_/src/Options/Options/src/obj/Release/netstandard2.0/Microsoft.Extensions.Options.pdb source: SourceTree.exe, 00000004.00000002.2423455096.000001D7DB5A2000.00000002.00000001.01000000.00000015.sdmp
                Source: Binary string: C:\Users\Administrator\code\763db6d4-2acb-5c63-9de6-7ada1022506a\1713172038208\build\Bitbucket.Libraries\Bitbucket.Net\BitbucKit.Net.Refit\obj\Release\netstandard2.0\BitbucKit.Net.Refit.pdbSHA256 source: BitbucKit.Net.Refit.dll.3.dr
                Source: Binary string: /lib/net45/Mono.Cecil.Pdb.dll`,]q source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: lib/net45/Mono.Cecil.Pdb.dll source: Update.exe, 00000003.00000002.2337346163.0000000003617000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000003.00000002.2337346163.00000000034ED000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423499610.000001D7DBE92000.00000004.00000800.00020000.00000000.sdmp, SourceTreeSetup-3.4.19.exe, SourceTree-3.4.19-full.nupkg
                Source: Binary string: DynamicData.pdb source: SourceTree.exe, 00000004.00000002.2452408234.000001D7F5832000.00000002.00000001.01000000.00000063.sdmp
                Source: Binary string: D:\V2.0\A1\_work\44\obj\Release.AnyCPU\Tfs.ExtendedClient\MS.TF.VersionControl.Common\Microsoft.TeamFoundation.VersionControl.Common.pdb source: Update.exe, 00000003.00000002.2337346163.000000000341D000.00000004.00000800.00020000.00000000.sdmp, Microsoft.TeamFoundation.VersionControl.Common.dll.3.dr
                Source: Binary string: Refit.pdb source: Update.exe, 00000003.00000002.2337346163.000000000343A000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000003.00000002.2337346163.0000000003457000.00000004.00000800.00020000.00000000.sdmp, Refit.dll.3.dr
                Source: Binary string: C:\Users\Administrator\code\bf33d5c8-6ccf-5a5d-af63-a4b075d6bb29\1719334951294\build\SourceTree.UI.Window.Welcome.Wpf\obj\Debug\SourceTree.UI.Window.Welcome.Wpf.pdb source: SourceTree.exe, 00000004.00000002.2433648563.000001D7F42C2000.00000002.00000001.01000000.0000001A.sdmp
                Source: Binary string: C:\Users\Administrator\code\bf33d5c8-6ccf-5a5d-af63-a4b075d6bb29\1719334951294\build\Sourcetree.Localisation\obj\Debug\netstandard2.0\SourceTree.Localisation.pdb source: SourceTree.exe, 00000004.00000002.2439314630.000001D7F49A2000.00000002.00000001.01000000.0000002A.sdmp, SourceTree.Localisation.dll.3.dr
                Source: Binary string: E:\A\_work\39\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.Composition.AttributedModel\netstandard\System.Composition.AttributedModel.pdb source: SourceTree.exe, 00000004.00000002.2448554556.000001D7F5372000.00000002.00000001.01000000.00000058.sdmp
                Source: Binary string: C:\Users\Administrator\code\bf33d5c8-6ccf-5a5d-af63-a4b075d6bb29\1719334951294\build\SourceTree.Api.Account.Basic\obj\Debug\SourceTree.Api.Account.Basic.pdb source: SourceTree.exe, 00000004.00000002.2441038308.000001D7F4B52000.00000002.00000001.01000000.00000035.sdmp
                Source: Binary string: C:\Users\Administrator\code\bf33d5c8-6ccf-5a5d-af63-a4b075d6bb29\1719334951294\build\SourceTree.Api.Benchmark\obj\Debug\SourceTree.Api.Benchmark.pdb0gJg <g_CorDllMainmscoree.dll source: SourceTree.exe, 00000004.00000002.2441369987.000001D7F4B92000.00000002.00000001.01000000.00000039.sdmp
                Source: Binary string: C:\Users\Administrator\code\bf33d5c8-6ccf-5a5d-af63-a4b075d6bb29\1719334951294\build\Sourcetree.Composition.VSMef.Net471\obj\Debug\Sourcetree.Composition.VSMef.Net48.pdb source: SourceTree.exe, 00000004.00000002.2433781146.000001D7F42E2000.00000002.00000001.01000000.0000001B.sdmp
                Source: Binary string: D:\V2.0\A1\_work\44\obj\Release.AnyCPU\Vssf.Client\MS.VS.Services.WebApi\Microsoft.VisualStudio.Services.WebApi.pdb source: SourceTree.exe, 00000004.00000002.2453128556.000001D7F5912000.00000002.00000001.01000000.00000064.sdmp
                Source: Binary string: E:\A\_work\21\s\obj\Release\Microsoft.VisualStudio.Validation.Desktop\Microsoft.VisualStudio.Validation.pdb source: SourceTree.exe, 00000004.00000002.2439175850.000001D7F4982000.00000002.00000001.01000000.00000028.sdmp, Microsoft.VisualStudio.Validation.dll.3.dr
                Source: Binary string: C:\Users\Administrator\code\bf33d5c8-6ccf-5a5d-af63-a4b075d6bb29\1719334951294\build\Sourcetree.Dvcs.Git.UI.Wpf\obj\Debug\Sourcetree.Dvcs.Git.UI.Wpf.pdb source: SourceTree.exe, 00000004.00000002.2441660495.000001D7F4BD2000.00000002.00000001.01000000.0000003D.sdmp
                Source: Binary string: C:\Users\Administrator\code\bf33d5c8-6ccf-5a5d-af63-a4b075d6bb29\1719334951294\build\Analytics\Atlassian.AnalyticsService.Client\obj\Debug\netstandard2.0\Atlassian.AnalyticsService.Client.pdb source: SourceTree.exe, 00000004.00000002.2440066015.000001D7F4A82000.00000002.00000001.01000000.0000002D.sdmp
                Source: Binary string: C:\Programming\Github\ColorCode-Universal\ColorCode.Core\obj\Release\netstandard1.4\ColorCode.Core.pdbSHA256C source: SourceTree.exe, 00000004.00000002.2448953354.000001D7F53E2000.00000002.00000001.01000000.0000005A.sdmp
                Source: Binary string: /_/src/Primitives/src/obj/Release/netstandard2.0/Microsoft.Extensions.Primitives.pdbSHA256T source: SourceTree.exe, 00000004.00000002.2438899966.000001D7F4942000.00000002.00000001.01000000.00000024.sdmp
                Source: Binary string: F:\agent1\_work\20\s\src\System.IdentityModel.Tokens.Jwt\obj\release\net451\System.IdentityModel.Tokens.Jwt.pdb source: Update.exe, 00000003.00000002.2337346163.0000000003850000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000003.00000002.2337346163.000000000385D000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: D:\V2.0\A1\_work\44\obj\Release.AnyCPU\Tfs.Client\MS.TF.Core.WebApi\Microsoft.TeamFoundation.Core.WebApi.pdb source: SourceTree.exe, 00000004.00000002.2449340169.000001D7F5432000.00000002.00000001.01000000.0000005C.sdmp, Microsoft.TeamFoundation.Core.WebApi.dll.3.dr
                Source: Binary string: C:\Users\Administrator\code\bf33d5c8-6ccf-5a5d-af63-a4b075d6bb29\1719334951294\build\Sourcetree.Host.GitLab\obj\Debug\netstandard2.0\Sourcetree.Host.GitLab.pdbSHA256( source: SourceTree.exe, 00000004.00000002.2442391292.000001D7F4C82000.00000002.00000001.01000000.00000043.sdmp
                Source: Binary string: D:\Documents\GitHub\NotificationsExtensions\Windows 10\NotificationsExtensions.Win10.NETCore\obj\Release\NotificationsExtensions.Win10.pdbTO source: SourceTree.exe, 00000007.00000002.3952572560.000001D3EEB62000.00000002.00000001.01000000.00000069.sdmp, NotificationsExtensions.Win10.dll.3.dr
                Source: Binary string: C:\Users\Administrator\code\bf33d5c8-6ccf-5a5d-af63-a4b075d6bb29\1719334951294\build\Analytics\Atlassian.AnalyticsService.Client\obj\Debug\netstandard2.0\Atlassian.AnalyticsService.Client.pdbSHA256 source: SourceTree.exe, 00000004.00000002.2440066015.000001D7F4A82000.00000002.00000001.01000000.0000002D.sdmp
                Source: Binary string: C:\Users\Administrator\code\bf33d5c8-6ccf-5a5d-af63-a4b075d6bb29\1719334951294\build\SourceTree.Api.Host\obj\Debug\SourceTree.Api.Host.pdb source: SourceTree.exe, 00000004.00000002.2439097863.000001D7F4972000.00000002.00000001.01000000.00000027.sdmp
                Source: Binary string: C:\Users\Administrator\code\bf33d5c8-6ccf-5a5d-af63-a4b075d6bb29\1719334951294\build\Sourcetree.Host.Msft.TeamServices\obj\Debug\netstandard2.0\Sourcetree.Host.Msft.TeamServices.pdb source: SourceTree.exe, 00000004.00000002.2442486228.000001D7F4C92000.00000002.00000001.01000000.00000044.sdmp, Sourcetree.Host.Msft.TeamServices.dll.3.dr
                Source: Binary string: DynamicData.pdbSHA256 source: SourceTree.exe, 00000004.00000002.2452408234.000001D7F5832000.00000002.00000001.01000000.00000063.sdmp
                Source: Binary string: C:\Users\Administrator\code\bf33d5c8-6ccf-5a5d-af63-a4b075d6bb29\1719334951294\build\Sourcetree.Dvcs.Git.UI.Wpf\obj\Debug\Sourcetree.Dvcs.Git.UI.Wpf.pdb,VFV 8V_CorDllMainmscoree.dll source: SourceTree.exe, 00000004.00000002.2441660495.000001D7F4BD2000.00000002.00000001.01000000.0000003D.sdmp
                Source: Binary string: c:\personal_source\RestSharp\RestSharp.Net452\obj\Release\RestSharp.pdb source: SourceTree.exe, 00000004.00000002.2449131450.000001D7F5402000.00000002.00000001.01000000.0000005B.sdmp
                Source: Binary string: C:\Users\Administrator\code\bf33d5c8-6ccf-5a5d-af63-a4b075d6bb29\1719334951294\build\SourceTree.Host.GitHub\obj\Debug\SourceTree.Host.GitHub.pdb source: SourceTree.exe, 00000004.00000002.2446703111.000001D7F5112000.00000002.00000001.01000000.00000049.sdmp
                Source: Binary string: bin;bld;ClientBin;Debug;obj;AppPackages;Release;TestResults;FakesAssemblies;*.*~;*.appx;*.appxrecipe;*.build.csdef;*.cache;*.cer;*.class;*.dbmdl;*.dll;*.docstates;*.docstates.suo;*.DS_Store;*.err;*.exe;*.ilk;*.ipch;*.lastbuildstate;*.lce;*.ldf;*.lib;*.log;*.mdf;*.msscci;*.ncb;*.obj;*.opensdf;*.pch;*.pdb;*.pri;*.res;*.resources;*.sdf;*.suo;*.svn;*.swp;*.temp;*.tfOrig*;*.tlog;*.tmp;*.trx;*.user;*.unsuccessfulbuild;*.v11.suo;*.vcxproj.user;*.vsix;*.vsmdi;*.vspscc;*.vssettings;*.vssscc;*.wrn;*.xap;.metadata source: Update.exe, 00000003.00000002.2337346163.000000000341D000.00000004.00000800.00020000.00000000.sdmp, Microsoft.TeamFoundation.VersionControl.Common.dll.3.dr
                Source: Binary string: C:\Users\Administrator\code\bf33d5c8-6ccf-5a5d-af63-a4b075d6bb29\1719334951294\build\SourceTree.UI.Window.Welcome.Wpf\obj\Debug\SourceTree.UI.Window.Welcome.Wpf.pdbd source: SourceTree.exe, 00000004.00000002.2433648563.000001D7F42C2000.00000002.00000001.01000000.0000001A.sdmp
                Source: Binary string: E:\A\_work\339\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.Threading.Tasks.Extensions\netstandard\System.Threading.Tasks.Extensions.pdb source: Update.exe, 00000003.00000002.2337346163.0000000003942000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000003.00000002.2337346163.0000000003969000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: c:\projects\bitbucket.org\atlassianlabs\askpass\Askpass.UI.Wpf\obj\Release\Askpass.UI.Wpf.pdb source: Askpass.UI.Wpf.dll.3.dr
                Source: Binary string: d:\projects\bitbucket.org\atlassian\sourcetree\sourcetreeshared\SourceTreeShared\obj\Release\SourceTreeShared.pdb source: SourceTreeShared.dll.3.dr
                Source: Binary string: ReactiveUI.pdbSHA256 source: SourceTree.exe, 00000004.00000002.2448615694.000001D7F5392000.00000002.00000001.01000000.00000059.sdmp
                Source: Binary string: C:\Users\mpagani\Source\AppConsult\Windows-AppConsult-Tools-DesktopBridgeHelpers\DesktopBridge.Helpers\obj\Debug\net45\DesktopBridge.Helpers.pdbSHA256 source: SourceTree.exe, 00000004.00000002.2439240279.000001D7F4992000.00000002.00000001.01000000.00000029.sdmp
                Source: Binary string: C:\dev\github\roaminglost\chimera.extensions.logging.log4net\src\chimera.extensions.logging.log4net\bin\Release\net451\chimera.extensions.logging.log4net.pdb source: SourceTree.exe, 00000004.00000002.2433835454.000001D7F42F2000.00000002.00000001.01000000.0000001C.sdmp
                Source: Binary string: C:\Users\Administrator\code\bf33d5c8-6ccf-5a5d-af63-a4b075d6bb29\1719334951294\build\SourceTree.UI.Diff\obj\Debug\SourceTree.UI.Diff.pdb source: SourceTree.exe, 00000004.00000002.2447062008.000001D7F5172000.00000002.00000001.01000000.0000004E.sdmp
                Source: Binary string: C:\projects\sharpcompress\src\SharpCompress\obj\Release\net45\SharpCompress.pdb source: SharpCompress.dll.3.dr
                Source: Binary string: JC:\projects\Squirrel.Windows\build\obj\Squirrel\Release\net45\Squirrel.pdb source: SourceTree.exe, 00000007.00000002.3909136966.000001D3CFAAF000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: c:\Users\Matthew.Davey\Dropbox\Checkouts\WeeGems\WeeGems.Require\obj\Release\WeeGems.Require.pdb source: Update.exe, 00000003.00000002.2337346163.00000000034A8000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000003.00000002.2337346163.00000000034C7000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2433207494.000001D7F3E02000.00000002.00000001.01000000.00000017.sdmp
                Source: Binary string: C:\Users\Administrator\code\bf33d5c8-6ccf-5a5d-af63-a4b075d6bb29\1719334951294\build\Analytics\SourceTree.Api.Analytics\obj\Debug\SourceTree.Api.Analytics.pdbS*m* _*_CorDllMainmscoree.dll source: SourceTree.exe, 00000004.00000002.2441296524.000001D7F4B82000.00000002.00000001.01000000.00000038.sdmp
                Source: Binary string: lib/net45/Mono.Cecil.Pdb.dlllH|m source: Update.exe, 00000003.00000002.2337346163.0000000003617000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: E:\A\_work\104\s\obj\Microsoft.VisualStudio.Composition\Release\net45\Microsoft.VisualStudio.Composition.pdb source: SourceTree.exe, 00000004.00000002.2440529503.000001D7F4AE2000.00000002.00000001.01000000.00000033.sdmp
                Source: Binary string: C:\Users\Administrator\code\bf33d5c8-6ccf-5a5d-af63-a4b075d6bb29\1719334951294\build\SourceTree.Ui.FileList.SingleColumn.Wpf\obj\Debug\SourceTree.Ui.FileList.SingleColumn.Wpf.pdb source: SourceTree.exe, 00000004.00000002.2446991097.000001D7F5162000.00000002.00000001.01000000.0000004D.sdmp
                Source: Binary string: c:\Users\Matthew.Davey\Dropbox\Checkouts\WeeGems\WeeGems.Option\obj\Release\WeeGems.Option.pdb(J>J 0J_CorDllMainmscoree.dll source: Update.exe, 00000003.00000002.2337346163.0000000003823000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000003.00000002.2337346163.000000000383D000.00000004.00000800.00020000.00000000.sdmp, WeeGems.Option.dll.3.dr
                Source: Binary string: C:\Users\Administrator\code\bf33d5c8-6ccf-5a5d-af63-a4b075d6bb29\1719334951294\build\SourceTree.Api.UI.Wpf\obj\Debug\SourceTree.Api.UI.Wpf.pdb< source: SourceTree.exe, 00000004.00000002.2434288501.000001D7F4352000.00000002.00000001.01000000.00000021.sdmp
                Source: Binary string: C:\Users\Administrator\code\bf33d5c8-6ccf-5a5d-af63-a4b075d6bb29\1719334951294\build\SourceTree.Ui.FileList.MultiColumn.Wpf\obj\Debug\SourceTree.Ui.FileList.MultiColumn.Wpf.pdbXnrn dn_CorDllMainmscoree.dll source: SourceTree.exe, 00000004.00000002.2446905997.000001D7F5152000.00000002.00000001.01000000.0000004C.sdmp, SourceTree.Ui.FileList.MultiColumn.Wpf.dll.3.dr
                Source: Binary string: System.Reactive.pdbSHA256; source: SourceTree.exe, 00000004.00000002.2435844874.000001D7F4572000.00000002.00000001.01000000.00000022.sdmp
                Source: Binary string: 4http://defaultcontainer/lib/net45/Mono.Cecil.Pdb.dll source: SourceTree.exe, 00000004.00000002.2423499610.000001D7DC1F0000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: lib/net45/Mono.Cecil.Pdb.dll0y source: SourceTree.exe, 00000004.00000002.2423499610.000001D7DBE92000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: C:\Dev\vvvv\SVG\Source\obj\Release\Svg.pdb source: Svg.dll.3.dr
                Source: Binary string: c:\Users\Administrator\actions-runner2\_work\sourcetreewin\sourcetreewin\Atlassian.Libraries\Atlassian.PathTrimmingTextBlock\Atlassian.PathTrimmingTextBlock\obj\Release\Atlassian.PathTrimmingTextBlock.pdbH8^8 P8_CorDllMainmscoree.dll source: SourceTree.exe, 00000004.00000002.2440248560.000001D7F4AA2000.00000002.00000001.01000000.0000002F.sdmp
                Source: Binary string: C:\Users\Administrator\code\bf33d5c8-6ccf-5a5d-af63-a4b075d6bb29\1719334951294\build\Sourcetree.Host.Msft.TeamServices\obj\Debug\netstandard2.0\Sourcetree.Host.Msft.TeamServices.pdbSHA256 source: SourceTree.exe, 00000004.00000002.2442486228.000001D7F4C92000.00000002.00000001.01000000.00000044.sdmp, Sourcetree.Host.Msft.TeamServices.dll.3.dr
                Source: Binary string: d:\TCAgents\buildAgent1\work\c81b3924259cf9ee\github\slf4net\obj\Release\slf4net.pdb source: SourceTree.exe, 00000004.00000002.2434234756.000001D7F4342000.00000002.00000001.01000000.00000020.sdmp, slf4net.dll.3.dr
                Source: Binary string: C:\Users\Administrator\code\bf33d5c8-6ccf-5a5d-af63-a4b075d6bb29\1719334951294\build\Sourcetree.Installer.Squirrel.UI\obj\Debug\Sourcetree.Installer.Squirrel.UI.pdb source: SourceTree.exe, 00000004.00000002.2446782077.000001D7F5132000.00000002.00000001.01000000.0000004A.sdmp
                Source: Binary string: C:\Users\Administrator\code\bf33d5c8-6ccf-5a5d-af63-a4b075d6bb29\1719334951294\build\Analytics\SourceTree.Analytics\obj\Debug\SourceTree.Analytics.pdb source: SourceTree.exe, 00000004.00000002.2440466472.000001D7F4AD2000.00000002.00000001.01000000.00000032.sdmp
                Source: Binary string: E:\A\_work\104\s\obj\Microsoft.VisualStudio.Composition\Release\net45\Microsoft.VisualStudio.Composition.pdb!k source: SourceTree.exe, 00000004.00000002.2440529503.000001D7F4AE2000.00000002.00000001.01000000.00000033.sdmp
                Source: Binary string: C:\Users\Administrator\code\763db6d4-2acb-5c63-9de6-7ada1022506a\1713172038208\build\Atlassian.Libraries\Atlassian.FastTree\Atlassian.FastTree\obj\Release\Atlassian.FastTree.pdb source: SourceTree.exe, 00000004.00000002.2433562622.000001D7F42B2000.00000002.00000001.01000000.00000019.sdmp
                Source: Binary string: D:\Documents\GitHub\NotificationsExtensions\Windows 10\NotificationsExtensions.Win10.NETCore\obj\Release\NotificationsExtensions.Win10.pdb source: SourceTree.exe, 00000007.00000002.3952572560.000001D3EEB62000.00000002.00000001.01000000.00000069.sdmp, NotificationsExtensions.Win10.dll.3.dr
                Source: Binary string: Octokit.pdbMPDB source: SourceTree.exe, 00000004.00000002.2450903511.000001D7F5632000.00000002.00000001.01000000.00000061.sdmp
                Source: Binary string: /lib/net45/Mono.Cecil.Pdb.dll source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423499610.000001D7DC1F0000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: c:\b\4741\2186\src\intermediate\System.Threading.Tasks.Dataflow.csproj_1037d191\Release\System.Threading.Tasks.Dataflow.pdb source: Update.exe, 00000003.00000002.2337346163.0000000003928000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: d:\dd\WebToolsExtensions\SDK2.4\intermediate\dev12\Release\Publish\Microsoft.Web.XmlTransform.pdb4: source: Microsoft.Web.XmlTransform.dll.3.dr
                Source: Binary string: C:\Users\Administrator\code\bf33d5c8-6ccf-5a5d-af63-a4b075d6bb29\1719334951294\build\SourceTree.Api.Dvcs\obj\Debug\SourceTree.Api.Dvcs.pdb source: SourceTree.exe, 00000004.00000002.2439915527.000001D7F4A52000.00000002.00000001.01000000.0000002C.sdmp
                Source: Binary string: C:\Users\Administrator\code\bf33d5c8-6ccf-5a5d-af63-a4b075d6bb29\1719334951294\build\SourceTree.Api.Benchmark\obj\Debug\SourceTree.Api.Benchmark.pdb source: SourceTree.exe, 00000004.00000002.2441369987.000001D7F4B92000.00000002.00000001.01000000.00000039.sdmp
                Source: Binary string: /_/src/Logging/Logging.Abstractions/src/obj/Release/netstandard2.0/Microsoft.Extensions.Logging.Abstractions.pdb source: Update.exe, 00000003.00000002.2337346163.000000000399C000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000003.00000002.2337346163.00000000039C2000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423005552.000001D7D9C42000.00000002.00000001.01000000.00000011.sdmp
                Source: Binary string: C:\Users\Administrator\code\bf33d5c8-6ccf-5a5d-af63-a4b075d6bb29\1719334951294\build\SourceTree.Host.Atlassianaccount\obj\Debug\SourceTree.Host.AtlassianAccount.pdb source: SourceTree.exe, 00000004.00000002.2441882463.000001D7F4C02000.00000002.00000001.01000000.00000040.sdmp
                Source: Binary string: C:\Users\Administrator\code\bf33d5c8-6ccf-5a5d-af63-a4b075d6bb29\1719334951294\build\Sourcetree.Localisation\obj\Debug\netstandard2.0\SourceTree.Localisation.pdbSHA256, source: SourceTree.exe, 00000004.00000002.2439314630.000001D7F49A2000.00000002.00000001.01000000.0000002A.sdmp, SourceTree.Localisation.dll.3.dr
                Source: Binary string: /_/src/Logging/Logging.Console/src/obj/Release/netstandard2.0/Microsoft.Extensions.Logging.Console.pdbSHA256 source: Update.exe, 00000003.00000002.2337346163.00000000039F4000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000003.00000002.2337346163.0000000003A0D000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423340776.000001D7DB562000.00000002.00000001.01000000.00000013.sdmp, Microsoft.Extensions.Logging.Console.dll.3.dr
                Source: Binary string: /_/src/Logging/Logging/src/obj/Release/netstandard2.0/Microsoft.Extensions.Logging.pdbSHA256 source: Update.exe, 00000003.00000002.2337346163.00000000033B9000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423277919.000001D7DB552000.00000002.00000001.01000000.00000012.sdmp
                Source: Binary string: /_/src/GongSolutions.WPF.DragDrop/obj/Release/net48/GongSolutions.WPF.DragDrop.pdb source: SourceTree.exe, 00000004.00000002.2448135668.000001D7F5322000.00000002.00000001.01000000.00000055.sdmp
                Source: Binary string: D:\a\sourcetree-assets\sourcetree-assets\SourceTree.UI.Theme.Wpf\SourceTree.UI.Theme.Wpf\obj\Release\SourceTree.UI.Theme.Wpf.pdb source: SourceTree.exe, 00000004.00000002.2442823138.000001D7F500C000.00000002.00000001.01000000.00000047.sdmp
                Source: Binary string: c:\BuildAgent\work\220dc32f273423f2\Tooling\obj\Release\System.Net.Http.Formatting\System.Net.Http.Formatting.pdb source: Update.exe, 00000003.00000002.2337346163.0000000003883000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000003.00000002.2337346163.00000000038A9000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: ReactiveUI.WPF.pdbSHA256" source: SourceTree.exe, 00000004.00000002.2433396437.000001D7F40C2000.00000002.00000001.01000000.00000018.sdmp
                Source: Binary string: c:\Users\Matthew.Davey\Dropbox\Checkouts\WeeGems\WeeGems.Require\obj\Release\WeeGems.Require.pdb@:^: P:_CorDllMainmscoree.dll source: Update.exe, 00000003.00000002.2337346163.00000000034A8000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000003.00000002.2337346163.00000000034C7000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2433207494.000001D7F3E02000.00000002.00000001.01000000.00000017.sdmp
                Source: Binary string: /_/src/Logging/Logging/src/obj/Release/netstandard2.0/Microsoft.Extensions.Logging.pdb source: Update.exe, 00000003.00000002.2337346163.00000000033B9000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423277919.000001D7DB552000.00000002.00000001.01000000.00000012.sdmp
                Source: Binary string: E:\A\_work\39\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.Collections.Immutable\netstandard\System.Collections.Immutable.pdbSHA256* source: SourceTree.exe, 00000004.00000002.2447464343.000001D7F5212000.00000002.00000001.01000000.00000052.sdmp
                Source: Binary string: C:\projects\libgit2sharp-nativebinaries\libgit2\build\build64\RelWithDebInfo\git2-106a5f2.pdb source: git2-106a5f2.dll.3.dr
                Source: Binary string: C:\Users\Administrator\code\bf33d5c8-6ccf-5a5d-af63-a4b075d6bb29\1719334951294\build\stree_gri\obj\Debug\stree_gri.pdb source: stree_gri.exe.3.dr
                Source: Binary string: C:\Users\Administrator\code\bf33d5c8-6ccf-5a5d-af63-a4b075d6bb29\1719334951294\build\SourceTree.Dvcs.Git\obj\Debug\SourceTree.Dvcs.Git.pdb source: SourceTree.exe, 00000004.00000002.2441961915.000001D7F4C12000.00000002.00000001.01000000.00000041.sdmp
                Source: Binary string: C:\Users\Administrator\code\bf33d5c8-6ccf-5a5d-af63-a4b075d6bb29\1719334951294\build\Sourcetree.Api.Framework\obj\Debug\Sourcetree.Api.Framework.pdb source: SourceTree.exe, 00000004.00000002.2441452133.000001D7F4BA2000.00000002.00000001.01000000.0000003A.sdmp
                Source: Binary string: C:\Users\Administrator\code\bf33d5c8-6ccf-5a5d-af63-a4b075d6bb29\1719334951294\build\Sourcetree.Installer.Squirrel\obj\Debug\Sourcetree.Installer.Squirrel.pdb source: SourceTree.exe, 00000004.00000002.2442714316.000001D7F4CC2000.00000002.00000001.01000000.00000046.sdmp
                Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdbSHA256 source: SourceTree.exe, 00000004.00000002.2449649910.000001D7F54A2000.00000002.00000001.01000000.0000005E.sdmp, Newtonsoft.Json.dll.3.dr
                Source: Binary string: /_/src/GongSolutions.WPF.DragDrop/obj/Release/net48/GongSolutions.WPF.DragDrop.pdbSHA256 source: SourceTree.exe, 00000004.00000002.2448135668.000001D7F5322000.00000002.00000001.01000000.00000055.sdmp
                Source: Binary string: C:\Users\Administrator\code\bf33d5c8-6ccf-5a5d-af63-a4b075d6bb29\1719334951294\build\SourceTree.Dvcs.None\obj\Debug\SourceTree.Dvcs.None.pdb source: SourceTree.exe, 00000004.00000002.2441785716.000001D7F4BF2000.00000002.00000001.01000000.0000003F.sdmp
                Source: Binary string: ReactiveUI.WPF.pdb source: SourceTree.exe, 00000004.00000002.2433396437.000001D7F40C2000.00000002.00000001.01000000.00000018.sdmp
                Source: Binary string: /_/src/Primitives/src/obj/Release/netstandard2.0/Microsoft.Extensions.Primitives.pdb source: SourceTree.exe, 00000004.00000002.2438899966.000001D7F4942000.00000002.00000001.01000000.00000024.sdmp
                Source: Binary string: C:\Users\Administrator\code2\ae3e0d9d-8f1c-53dc-b46b-65dce19487a8\1677043917973\build\Bitbucket.Libraries\BitbucKitServer.Net\BitbucKitServer.Net.Refit\obj\Release\BitbucKitServer.Net.Refit.pdb source: SourceTree.exe, 00000004.00000002.2433092664.000001D7F3DF2000.00000002.00000001.01000000.00000016.sdmp
                Source: Binary string: C:\projects\gitlabapiclient\src\GitLabApiClient\obj\Release\netstandard2.0\GitLabApiClient.pdb source: SourceTree.exe, 00000004.00000002.2449464204.000001D7F5462000.00000002.00000001.01000000.0000005D.sdmp
                Source: Binary string: c:\Users\Administrator\actions-runner2\_work\sourcetreewin\sourcetreewin\Atlassian.Libraries\Atlassian.Utilities\Atlassian.Utilities\obj\Release\Atlassian.Utilities.pdb source: SourceTree.exe, 00000004.00000002.2440307772.000001D7F4AB2000.00000002.00000001.01000000.00000030.sdmp
                Source: Binary string: C:\Users\Administrator\code\bf33d5c8-6ccf-5a5d-af63-a4b075d6bb29\1719334951294\build\SourceTree.Ui.FileListContainer.Split.Wpf\obj\Debug\SourceTree.Ui.FileListContainer.Split.Wpf.pdb source: SourceTree.exe, 00000004.00000002.2447311337.000001D7F51B2000.00000002.00000001.01000000.00000051.sdmp
                Source: Binary string: c:\projects\bitbucket.org\atlassianlabs\askpass\Askpass.UI.Wpf\obj\Release\Askpass.UI.Wpf.pdbH source: Askpass.UI.Wpf.dll.3.dr
                Source: Binary string: C:\Users\Administrator\code\bf33d5c8-6ccf-5a5d-af63-a4b075d6bb29\1719334951294\build\Microsoft.Alm\obj\Debug\Microsoft.Alm.pdb source: Microsoft.Alm.dll.3.dr
                Source: Binary string: /_/src/Configuration/Config/src/obj/Release/netstandard2.0/Microsoft.Extensions.Configuration.pdbSHA256 source: SourceTree.exe, 00000004.00000002.2433921178.000001D7F4302000.00000002.00000001.01000000.0000001D.sdmp
                Source: Binary string: C:\Users\Administrator\code\763db6d4-2acb-5c63-9de6-7ada1022506a\1713172038208\build\Bitbucket.Libraries\Bitbucket.Net\BitbucKit.Net.Api\obj\Release\netstandard2.0\BitbucKit.Net.Api.pdb source: SourceTree.exe, 00000004.00000002.2448014407.000001D7F5312000.00000002.00000001.01000000.00000054.sdmp, BitbucKit.Net.Api.dll.3.dr
                Source: Binary string: C:\Users\Administrator\code\763db6d4-2acb-5c63-9de6-7ada1022506a\1713172038208\build\Bitbucket.Libraries\Bitbucket.Net\BitbucKit.Net.Api\obj\Release\netstandard2.0\BitbucKit.Net.Api.pdbSHA256R source: SourceTree.exe, 00000004.00000002.2448014407.000001D7F5312000.00000002.00000001.01000000.00000054.sdmp, BitbucKit.Net.Api.dll.3.dr
                Source: Binary string: C:\Users\Administrator\code\bf33d5c8-6ccf-5a5d-af63-a4b075d6bb29\1719334951294\build\SourceTree.Host.Bitbucket.Server\obj\Debug\SourceTree.Host.Bitbucket.Server.pdb source: SourceTree.exe, 00000004.00000002.2446605100.000001D7F50F2000.00000002.00000001.01000000.00000048.sdmp
                Source: Binary string: /_/src/Logging/Logging.Abstractions/src/obj/Release/netstandard2.0/Microsoft.Extensions.Logging.Abstractions.pdbSHA256 source: Update.exe, 00000003.00000002.2337346163.000000000399C000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000003.00000002.2337346163.00000000039C2000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423005552.000001D7D9C42000.00000002.00000001.01000000.00000011.sdmp
                Source: Binary string: C:\projects\libgit2sharp-nativebinaries\libgit2\build\build64\RelWithDebInfo\git2-106a5f2.pdb| source: git2-106a5f2.dll.3.dr
                Source: Binary string: /LIB/NET45/MONO.CECIL.PDB.DLL source: Update.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423499610.000001D7DC1F0000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: C:\Users\Administrator\code\bf33d5c8-6ccf-5a5d-af63-a4b075d6bb29\1719334951294\build\SourceTree.Api\obj\Debug\netstandard2.0\SourceTree.Api.pdb source: SourceTree.exe, 00000004.00000002.2423381219.000001D7DB572000.00000002.00000001.01000000.00000014.sdmp
                Source: Binary string: c:\TeamCity\buildAgent\work\1aad0b52fc40d6db\src\Core\obj\Release\NuGet.Core.pdb source: SourceTree.exe, 00000004.00000002.2455794809.000001D7F5CB2000.00000002.00000001.01000000.00000066.sdmp
                Source: Binary string: Octokit.pdb source: SourceTree.exe, 00000004.00000002.2450903511.000001D7F5632000.00000002.00000001.01000000.00000061.sdmp
                Source: Binary string: C:\Users\Administrator\code\bf33d5c8-6ccf-5a5d-af63-a4b075d6bb29\1719334951294\build\SourceTree.Api.Account.OAuth.TwoZero\obj\Debug\SourceTree.Api.Account.OAuth.TwoZero.pdb source: SourceTree.exe, 00000004.00000002.2441120442.000001D7F4B62000.00000002.00000001.01000000.00000036.sdmp, SourceTree.Api.Account.OAuth.TwoZero.dll.3.dr
                Source: SourceTreeSetup-3.4.19.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
                Source: SourceTreeSetup-3.4.19.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
                Source: SourceTreeSetup-3.4.19.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
                Source: SourceTreeSetup-3.4.19.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
                Source: SourceTreeSetup-3.4.19.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Validation.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\ru\SourceTree.Localisation.resources.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.Host.GitHub.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Atlassian.FastTree.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.TeamFoundation.SharePointReporting.Integration.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\WeeGems.Option.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.Alm.Git.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.Api.Benchmark.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\System.Threading.Tasks.Extensions.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\System.Web.Http.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\Update.exe
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.UI.Diff.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\System.Composition.Convention.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.TeamFoundation.VersionControl.Common.Integration.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\ReactiveUI.WPF.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.TeamFoundation.DistributedTask.Common.Contracts.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.UI.Window.Welcome.Wpf.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\System.Composition.AttributedModel.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\TimeZoneConverter.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.TeamFoundation.Client.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\tools\patch.exe
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\tools\stree_gri.exe
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.Dvcs.Git.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.Extensions.Logging.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Splat.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Sourcetree.Analytics.Emau.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\tools\7z.exe
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\it-IT\SourceTree.Localisation.resources.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Octokit.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\RestSharp.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Mono.Cecil.dll
                Source: C:\Users\user\Desktop\SourceTreeSetup-3.4.19.exe File created: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.Extensions.Logging.Configuration.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\ReactiveUI.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.TeamFoundation.Lab.Common.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.Web.XmlTransform.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\ColorCode.Core.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Mono.Cecil.Rocks.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\System.Composition.Hosting.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.VisualStudio.Validation.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\fr\SourceTree.Localisation.resources.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\BitbucKitServer.Net.Refit.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.Ui.FileListContainer.Split.Wpf.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.Dvcs.None.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.Alm.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\slf4net.log4net.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.UI.CommitContainer.Wpf.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\tools\Askpass.exe
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\System.Memory.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.Accounts.Windows.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Sourcetree.Installer.Squirrel.UI.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Newtonsoft.Json.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\LibGit2Sharp.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\EncodingTools.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\MvvmValidation.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Sourcetree.Installer.Squirrel.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.TeamFoundation.Build.Common.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.Api.Framework.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.Host.AtlassianAccount.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\lib\win32\x86\git2-106a5f2.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Mono.Cecil.Mdb.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Atlassian.PathTrimmingTextBlock.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.TeamFoundation.VersionControl.Common.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\System.Reactive.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Sourcetree.Host.Msft.TeamServices.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.TeamFoundation.DeleteTeamProject.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.TeamFoundation.Test.WebApi.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.Api.Dvcs.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.Api.Account.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\tools\putty\puttygen.exe
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Squirrel.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\tools\putty\pageant.exe
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\System.Composition.Runtime.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Atlassian.GutenbergTextView.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\log4net.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.TeamFoundation.Build2.WebApi.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Atlassian.Utilities.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\lib\win32\x64\git2-106a5f2.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.Extensions.Options.ConfigurationExtensions.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Kent.Boogaart.HelperTrinity.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\tools\getopt.exe
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.Api.Account.OAuth.TwoZero.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\DesktopBridge.Helpers.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\ko\SourceTree.Localisation.resources.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.Analytics.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\chimera.extensions.logging.log4net.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.VisualStudio.Services.Client.Interactive.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.WindowsAPICodePack.Shell.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.Extensions.Configuration.Binder.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.TeamFoundation.Wiki.WebApi.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.Ui.FileList.MultiColumn.Wpf.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.TeamFoundation.TestManagement.WebApi.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.WindowsAPICodePack.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\NuGet.Squirrel.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.TeamFoundation.WorkItemTracking.Client.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.Dvcs.Git.UI.Wpf.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.TeamFoundation.WorkItemTracking.WebApi.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.Expression.Interactions.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.Extensions.Primitives.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.TeamFoundation.TestManagement.Client.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.VisualStudio.Services.Common.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\tools\putty\plink.exe
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.Api.UI.Wpf.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\tools\SourceTreeShared.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.IdentityModel.Clients.ActiveDirectory.Platform.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\tools\libiconv2.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.TeamFoundation.WorkItemTracking.Client.QueryLanguage.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\ja\SourceTree.Localisation.resources.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.Api.CustomActions.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SharpCompress.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.TeamFoundation.Lab.Client.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\System.Numerics.Vectors.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\HtmlAgilityPack.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.Extensions.Logging.Console.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Dragablz.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.Api.Host.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.VisualStudio.Composition.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Nuget.Core.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\tools\msys-1.0.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\slf4net.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.TeamFoundation.Common.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.IdentityModel.Clients.ActiveDirectory.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Sourcetree.Composition.VSMef.Net48.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.TeamFoundation.Work.WebApi.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\DynamicData.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.Api.Account.Basic.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.Extensions.Configuration.Abstractions.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.IdentityModel.Tokens.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.TeamFoundation.SourceControl.WebApi.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\zh-CN\SourceTree.Localisation.resources.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeFile created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\tools\Askpass.UI.Wpf.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeFile created: C:\Users\user\AppData\Local\SourceTree\SourceTree.exeJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeFile created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.Extensions.Logging.Abstractions.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeFile created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.UI.Theme.Wpf.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeFile created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.IdentityModel.Logging.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeFile created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\WeeGems.Require.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeFile created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.TeamFoundation.Dashboards.WebApi.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeFile created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.Host.Bitbucket.Server.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeFile created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.Ui.FileList.TreeView.Wpf.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeFile created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.Localisation.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeFile created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\System.Threading.Tasks.Dataflow.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeFile created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.Alm.Authentication.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeFile created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\BitbucKit.Net.Api.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeFile created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.Ui.FileList.SingleColumn.Wpf.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeFile created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.TeamFoundation.TestImpact.Client.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeFile created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.TeamFoundation.Core.WebApi.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeFile created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\System.Windows.Interactivity.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeFile created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\tools\7z.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeFile created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\GitLabApiClient.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeFile created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\DeltaCompressionDotNet.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeFile created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.Api.Host.Identity.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeFile created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Sourcetree.Host.GitLab.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeFile created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Nito.Disposables.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeFile created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.TeamFoundation.Build.Client.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeFile created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.Dvcs.Hg.Ui.Wpf.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeFile created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Refit.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeFile created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.Api.Analytics.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeFile created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Mono.Cecil.Pdb.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeFile created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.TeamFoundation.Lab.WorkflowIntegration.Client.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeFile created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Atlassian.AnalyticsService.Client.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeFile created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Nito.AsyncEx.Tasks.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeFile created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\de\SourceTree.Localisation.resources.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeFile created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\BitbucKitServer.Net.Api.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeFile created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.UI.FileListContainer.NoStaging.Wpf.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeFile created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\NotificationsExtensions.Win10.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeFile created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.Extensions.Options.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeFile created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.Extensions.Configuration.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeFile created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.Api.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeFile created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.TeamFoundation.Policy.WebApi.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeFile created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.TeamFoundation.ProjectManagement.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeFile created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Sourcetree.Api.Account.Pat.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeFile created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\System.Composition.TypedParts.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeFile created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.Host.Bitbucket.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeFile created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\tools\libintl3.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeFile created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.Dvcs.Hg.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeFile created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.TeamFoundation.Diff.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeFile created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.TeamFoundation.Discussion.Client.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeFile created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.TeamFoundation.WorkItemTracking.Proxy.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeFile created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\DevOne.Security.Cryptography.BCrypt.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeFile created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.TeamFoundation.VersionControl.Client.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeFile created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.TeamFoundation.Git.Client.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeFile created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.TeamFoundation.Lab.TestIntegration.Client.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeFile created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\GongSolutions.Wpf.DragDrop.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeFile created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\System.Net.Http.Formatting.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeFile created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\System.Runtime.CompilerServices.Unsafe.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeFile created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\System.Collections.Immutable.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeFile created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\pt-BR\SourceTree.Localisation.resources.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeFile created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.TeamFoundation.WorkItemTracking.Client.DataStoreLoader.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeFile created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.Api.Host.Scm.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeFile created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.TeamFoundation.TestManagement.Common.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeFile created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.Extensions.DependencyInjection.Abstractions.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeFile created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\System.IdentityModel.Tokens.Jwt.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeFile created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.TeamFoundation.WorkItemTracking.Common.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeFile created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.VisualStudio.Services.WebApi.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeFile created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Svg.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeFile created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\BitbucKit.Net.Refit.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeFile created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Kent.Boogaart.Converters.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeFile created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\id\SourceTree.Localisation.resources.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeFile created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\TaskDialog.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                    File created: C:\Users\user\AppData\Local\SquirrelTemp\SquirrelSetup.log
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                    File created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\extras\licenses\EULA.pdf
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe
                    File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Atlassian
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe
                    File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Atlassian\Sourcetree.lnk
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                    Registry key monitored for changes: HKEY_CURRENT_USER_Classes
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                    Process information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe
                    Process information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                Malware Analysis System Evasion

                Source: SourceTree.exe, 00000007.00000002.3939895902.000001D3E8B6A000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: WINDOWS.FOUNDATION.DIAGNOSTICS.ASYNCCAUSALITYTRACER.DLLLY
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe; Memory allocated: 3290000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe; Memory allocated: 33B0000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe; Memory allocated: 53B0000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe; Memory allocated: 1D7D9C20000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe; Memory allocated: 1D7F3600000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe; Memory allocated: 1D3CD850000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe; Memory allocated: 1D3E7150000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe; Code function: 7_2_00007FF8495DF3C9 rdtsc 7_2_00007FF8495DF3C9
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe; Thread delayed: delay time: 922337203685477
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe; Thread delayed: delay time: 922337203685477
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe; Window / User API: threadDelayed 2814
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe; Window / User API: threadDelayed 796
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe; Window / User API: threadDelayed 824
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe; Window / User API: threadDelayed 417
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe; Window / User API: threadDelayed 3167
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe; Window / User API: threadDelayed 1931
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Validation.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\ru\SourceTree.Localisation.resources.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.Host.GitHub.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Atlassian.FastTree.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.TeamFoundation.SharePointReporting.Integration.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.Alm.Git.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\WeeGems.Option.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.Api.Benchmark.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\System.Web.Http.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\System.Threading.Tasks.Extensions.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\System.Composition.Convention.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.TeamFoundation.VersionControl.Common.Integration.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.UI.Diff.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.TeamFoundation.DistributedTask.Common.Contracts.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\ReactiveUI.WPF.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.UI.Window.Welcome.Wpf.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\System.Composition.AttributedModel.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\TimeZoneConverter.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.TeamFoundation.Client.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\tools\stree_gri.exe
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\tools\patch.exe
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.Dvcs.Git.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.Extensions.Logging.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Splat.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Sourcetree.Analytics.Emau.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\tools\7z.exe
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\it-IT\SourceTree.Localisation.resources.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\RestSharp.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Octokit.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Mono.Cecil.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.Extensions.Logging.Configuration.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\ReactiveUI.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.TeamFoundation.Lab.Common.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.Web.XmlTransform.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\ColorCode.Core.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\System.Composition.Hosting.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Mono.Cecil.Rocks.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.VisualStudio.Validation.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\fr\SourceTree.Localisation.resources.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\BitbucKitServer.Net.Refit.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\slf4net.log4net.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.Alm.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.Dvcs.None.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.Ui.FileListContainer.Split.Wpf.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.UI.CommitContainer.Wpf.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\tools\Askpass.exe
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\System.Memory.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.Accounts.Windows.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Sourcetree.Installer.Squirrel.UI.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Newtonsoft.Json.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\LibGit2Sharp.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\EncodingTools.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\MvvmValidation.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.TeamFoundation.Build.Common.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Sourcetree.Installer.Squirrel.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.Host.AtlassianAccount.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.Api.Framework.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\lib\win32\x86\git2-106a5f2.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Mono.Cecil.Mdb.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Atlassian.PathTrimmingTextBlock.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.TeamFoundation.VersionControl.Common.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\System.Reactive.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Sourcetree.Host.Msft.TeamServices.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.TeamFoundation.DeleteTeamProject.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.TeamFoundation.Test.WebApi.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.Api.Dvcs.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.Api.Account.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\tools\putty\puttygen.exe
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Squirrel.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\tools\putty\pageant.exe
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\System.Composition.Runtime.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Atlassian.GutenbergTextView.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\log4net.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.TeamFoundation.Build2.WebApi.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Atlassian.Utilities.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.Extensions.Options.ConfigurationExtensions.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\lib\win32\x64\git2-106a5f2.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\tools\getopt.exe
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Kent.Boogaart.HelperTrinity.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.Api.Account.OAuth.TwoZero.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\DesktopBridge.Helpers.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\chimera.extensions.logging.log4net.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\ko\SourceTree.Localisation.resources.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.Analytics.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.VisualStudio.Services.Client.Interactive.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.WindowsAPICodePack.Shell.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.Extensions.Configuration.Binder.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.TeamFoundation.Wiki.WebApi.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.Ui.FileList.MultiColumn.Wpf.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.TeamFoundation.TestManagement.WebApi.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.WindowsAPICodePack.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\NuGet.Squirrel.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.TeamFoundation.WorkItemTracking.Client.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.Dvcs.Git.UI.Wpf.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.TeamFoundation.WorkItemTracking.WebApi.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.Expression.Interactions.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.Extensions.Primitives.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.TeamFoundation.TestManagement.Client.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.VisualStudio.Services.Common.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\tools\putty\plink.exe
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.Api.UI.Wpf.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\tools\SourceTreeShared.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.IdentityModel.Clients.ActiveDirectory.Platform.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\tools\libiconv2.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.TeamFoundation.WorkItemTracking.Client.QueryLanguage.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\ja\SourceTree.Localisation.resources.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SharpCompress.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.Api.CustomActions.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.TeamFoundation.Lab.Client.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\System.Numerics.Vectors.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\HtmlAgilityPack.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.Extensions.Logging.Console.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Dragablz.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.Api.Host.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.VisualStudio.Composition.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Nuget.Core.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\tools\msys-1.0.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\slf4net.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.TeamFoundation.Common.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.IdentityModel.Clients.ActiveDirectory.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Sourcetree.Composition.VSMef.Net48.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.TeamFoundation.Work.WebApi.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\DynamicData.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.Api.Account.Basic.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.Extensions.Configuration.Abstractions.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.IdentityModel.Tokens.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.TeamFoundation.SourceControl.WebApi.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\zh-CN\SourceTree.Localisation.resources.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\tools\Askpass.UI.Wpf.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\SourceTree.exeJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.Extensions.Logging.Abstractions.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.UI.Theme.Wpf.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.IdentityModel.Logging.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.TeamFoundation.Dashboards.WebApi.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\WeeGems.Require.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.Host.Bitbucket.Server.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.Ui.FileList.TreeView.Wpf.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.Localisation.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\System.Threading.Tasks.Dataflow.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.Alm.Authentication.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\BitbucKit.Net.Api.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.Ui.FileList.SingleColumn.Wpf.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.TeamFoundation.TestImpact.Client.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.TeamFoundation.Core.WebApi.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\System.Windows.Interactivity.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\tools\7z.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\GitLabApiClient.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\DeltaCompressionDotNet.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.Api.Host.Identity.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Sourcetree.Host.GitLab.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Nito.Disposables.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.TeamFoundation.Build.Client.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.Dvcs.Hg.Ui.Wpf.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Refit.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.Api.Analytics.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Mono.Cecil.Pdb.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.TeamFoundation.Lab.WorkflowIntegration.Client.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Atlassian.AnalyticsService.Client.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Nito.AsyncEx.Tasks.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\de\SourceTree.Localisation.resources.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\BitbucKitServer.Net.Api.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.UI.FileListContainer.NoStaging.Wpf.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.Extensions.Options.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\NotificationsExtensions.Win10.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.Extensions.Configuration.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.TeamFoundation.Policy.WebApi.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.Api.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.TeamFoundation.ProjectManagement.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Sourcetree.Api.Account.Pat.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\System.Composition.TypedParts.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.Host.Bitbucket.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\tools\libintl3.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.TeamFoundation.Diff.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.Dvcs.Hg.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.TeamFoundation.Discussion.Client.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.TeamFoundation.WorkItemTracking.Proxy.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.TeamFoundation.VersionControl.Client.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.TeamFoundation.Lab.TestIntegration.Client.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.TeamFoundation.Git.Client.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\GongSolutions.Wpf.DragDrop.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\System.Net.Http.Formatting.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\System.Runtime.CompilerServices.Unsafe.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\System.Collections.Immutable.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.TeamFoundation.WorkItemTracking.Client.DataStoreLoader.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\pt-BR\SourceTree.Localisation.resources.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.Api.Host.Scm.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.TeamFoundation.TestManagement.Common.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.Extensions.DependencyInjection.Abstractions.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\System.IdentityModel.Tokens.Jwt.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.TeamFoundation.WorkItemTracking.Common.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.VisualStudio.Services.WebApi.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\BitbucKit.Net.Refit.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Svg.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Kent.Boogaart.Converters.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\id\SourceTree.Localisation.resources.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\TaskDialog.dllJump to dropped file
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe TID: 5664 Thread sleep time: -922337203685477s >= -30000s
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe TID: 6400 Thread sleep time: -922337203685477s >= -30000s
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe TID: 7136 Thread sleep time: -922337203685477s >= -30000s
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe TID: 7136 Thread sleep time: -30000s >= -30000s
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe TID: 5908 Thread sleep count: 824 > 30
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe TID: 5908 Thread sleep count: 107 > 30
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe TID: 6476 Thread sleep time: -922337203685477s >= -30000s
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe TID: 6148 Thread sleep time: -922337203685477s >= -30000s
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe TID: 2700 Thread sleep time: -4611686018427385s >= -30000s
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe TID: 2700 Thread sleep time: -60000s >= -30000s
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe TID: 2700 Thread sleep time: -60000s >= -30000s
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Thread delayed: delay time: 922337203685477
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Thread delayed: delay time: 922337203685477
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe Thread delayed: delay time: 922337203685477
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe Thread delayed: delay time: 30000
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe Thread delayed: delay time: 922337203685477
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe Thread delayed: delay time: 922337203685477
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe Thread delayed: delay time: 922337203685477
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe Thread delayed: delay time: 30000
                Source: SourceTree.exe, 00000007.00000002.3936305714.000001D3E7A00000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWce%SystemRoot%\system32\mswsock.dll
                Source: Microsoft.TeamFoundation.Lab.TestIntegration.Client.dll.3.dr Binary or memory string: 6TestingCapablityInformationNVirtualMachineTestCapabilityInformationz
                Source: SourceTreeSetup-3.4.19.exe, SourceTree-3.4.19-full.nupkg Binary or memory string: rVx}CQuIQeMui
                Source: Microsoft.TeamFoundation.Lab.TestIntegration.Client.dll.3.dr Binary or memory string: Resource7TestingCapablityInformationOVirtualMachineTestCapabilityInformation
                Source: SourceTree.exe, 00000004.00000002.2432229265.000001D7F3D32000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllAp
                Source: Update.exe, 00000003.00000002.2345463693.000000000A25D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWdGg
                Source: Microsoft.TeamFoundation.Lab.TestIntegration.Client.dll.3.dr Binary or memory string: VirtualMachineTestCapabilityInformation
                Source: Update.exe, 00000003.00000002.2345463693.000000000A25D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Process information queried: ProcessInformation
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe Code function: 7_2_00007FF8495DF3C9 rdtsc 7_2_00007FF8495DF3C9
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Memory allocated: page read and write | page guard
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Process created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe "C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe" --squirrel-install 3.4.19
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Process created: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe "C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe" --squirrel-firstrun
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Queries volume information: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe VolumeInformation
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Queries volume information: C:\Users\user\AppData\Local\SquirrelTemp\background.gif VolumeInformation
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Queries volume information: C:\Users\user\AppData\Local\SquirrelTemp\background.gif VolumeInformation
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Queries volume information: C:\ VolumeInformation
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe Queries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe VolumeInformation
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe Queries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.Api.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\netstandard\v4.0_2.0.0.0__cc7b13ffcd2ddd51\netstandard.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe Queries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.Extensions.Logging.Abstractions.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeQueries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.Extensions.Logging.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeQueries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.Extensions.Logging.Console.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeQueries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.Extensions.Options.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.InteropServices.RuntimeInformation\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.InteropServices.RuntimeInformation.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeQueries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.Api.UI.Wpf.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeQueries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\System.Reactive.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ValueTuple\v4.0_4.0.0.0__cc7b13ffcd2ddd51\System.ValueTuple.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeQueries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.UI.Theme.Wpf.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeQueries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.UI.Window.Welcome.Wpf.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeQueries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Dragablz.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeQueries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Atlassian.FastTree.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeQueries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Sourcetree.Composition.VSMef.Net48.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeQueries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\TaskDialog.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeQueries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.Localisation.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeQueries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\chimera.extensions.logging.log4net.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeQueries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.Extensions.Configuration.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeQueries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.Extensions.Configuration.Abstractions.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeQueries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\slf4net.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeQueries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.Extensions.Primitives.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeQueries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\log4net.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeQueries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.Api.CustomActions.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeQueries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.Api.Dvcs.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeQueries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.Api.Account.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeQueries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.Api.Host.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeQueries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.VisualStudio.Composition.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeQueries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.VisualStudio.Validation.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeQueries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\DesktopBridge.Helpers.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeQueries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Atlassian.AnalyticsService.Client.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeQueries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Atlassian.AnalyticsService.Client.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeQueries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Atlassian.GutenbergTextView.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeQueries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Atlassian.GutenbergTextView.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeQueries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Atlassian.PathTrimmingTextBlock.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeQueries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Atlassian.PathTrimmingTextBlock.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeQueries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Atlassian.Utilities.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeQueries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.Accounts.Windows.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeQueries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.Accounts.Windows.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeQueries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.Analytics.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeQueries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.Analytics.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeQueries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Sourcetree.Analytics.Emau.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeQueries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Sourcetree.Analytics.Emau.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeQueries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.Api.Account.Basic.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeQueries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.Api.Account.Basic.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeQueries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.Api.Account.OAuth.TwoZero.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeQueries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.Api.Account.OAuth.TwoZero.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeQueries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Sourcetree.Api.Account.Pat.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeQueries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Sourcetree.Api.Account.Pat.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeQueries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.Api.Analytics.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeQueries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.Api.Analytics.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeQueries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.Api.Benchmark.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeQueries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.Api.Benchmark.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeQueries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.Api.Host.Identity.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeQueries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.Api.Host.Identity.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeQueries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.Dvcs.Git.UI.Wpf.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeQueries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.Dvcs.Hg.Ui.Wpf.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeQueries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.Dvcs.None.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeQueries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.Dvcs.None.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeQueries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.Host.AtlassianAccount.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeQueries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.Host.AtlassianAccount.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeQueries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.Host.Bitbucket.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeQueries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.Host.Bitbucket.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeQueries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.Host.Bitbucket.Server.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeQueries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.Host.Bitbucket.Server.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeQueries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.Host.GitHub.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeQueries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.Host.GitHub.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeQueries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Sourcetree.Host.GitLab.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeQueries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Sourcetree.Host.GitLab.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeQueries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Sourcetree.Host.Msft.TeamServices.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeQueries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Sourcetree.Host.Msft.TeamServices.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeQueries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Sourcetree.Installer.Squirrel.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeQueries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Sourcetree.Installer.Squirrel.UI.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeQueries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.UI.CommitContainer.Wpf.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeQueries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.Ui.FileList.MultiColumn.Wpf.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeQueries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.Ui.FileList.MultiColumn.Wpf.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeQueries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.Ui.FileList.SingleColumn.Wpf.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeQueries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.Ui.FileList.SingleColumn.Wpf.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeQueries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.UI.FileListContainer.NoStaging.Wpf.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeQueries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.UI.FileListContainer.NoStaging.Wpf.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeQueries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.Ui.FileListContainer.Split.Wpf.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeQueries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.Ui.FileListContainer.Split.Wpf.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeQueries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\System.Collections.Immutable.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeQueries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\System.Threading.Tasks.Dataflow.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Threading.Tasks\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Threading.Tasks.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Diagnostics.Tracing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Diagnostics.Tracing.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Collections\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Collections.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Collections.Concurrent\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Collections.Concurrent.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Threading\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Threading.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeQueries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\GongSolutions.Wpf.DragDrop.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeQueries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\ReactiveUI.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeQueries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Splat.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeQueries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Newtonsoft.Json.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Linq\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Linq.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeQueries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\ColorCode.Core.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeQueries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\RestSharp.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeQueries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\BitbucKit.Net.Api.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeQueries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\BitbucKitServer.Net.Api.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeQueries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Octokit.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeQueries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\GitLabApiClient.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeQueries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.VisualStudio.Services.Common.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeQueries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.VisualStudio.Services.WebApi.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeQueries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Squirrel.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeQueries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.TeamFoundation.SourceControl.WebApi.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeQueries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.TeamFoundation.Core.WebApi.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeQueries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\System.Composition.AttributedModel.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeQueries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\System.Windows.Interactivity.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeQueries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\DynamicData.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeQueries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\BitbucKitServer.Net.Refit.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeQueries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\WeeGems.Require.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeQueries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\ReactiveUI.WPF.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeQueries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Nuget.Core.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeQueries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\NuGet.Squirrel.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeQueries volume information: C:\ VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeQueries volume information: C:\ VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeQueries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeQueries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.Api.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\netstandard\v4.0_2.0.0.0__cc7b13ffcd2ddd51\netstandard.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exeQueries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.Extensions.Logging.Abstractions.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe Queries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.Extensions.Logging.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe Queries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.Extensions.Logging.Console.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe Queries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.Extensions.Options.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.InteropServices.RuntimeInformation\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.InteropServices.RuntimeInformation.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe Queries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.Api.UI.Wpf.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe Queries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\System.Reactive.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ValueTuple\v4.0_4.0.0.0__cc7b13ffcd2ddd51\System.ValueTuple.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe Queries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.UI.Theme.Wpf.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe Queries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.UI.Window.Welcome.Wpf.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe Queries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Dragablz.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe Queries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Atlassian.FastTree.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe Queries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Sourcetree.Composition.VSMef.Net48.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe Queries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\TaskDialog.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe Queries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.Localisation.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe Queries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\chimera.extensions.logging.log4net.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe Queries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.Extensions.Configuration.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe Queries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.Extensions.Configuration.Abstractions.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe Queries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\slf4net.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe Queries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.Extensions.Primitives.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe Queries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\log4net.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe Queries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.Api.CustomActions.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe Queries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.Api.Dvcs.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe Queries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.Api.Account.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe Queries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.Api.Host.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe Queries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.VisualStudio.Composition.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe Queries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.VisualStudio.Validation.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe Queries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\DesktopBridge.Helpers.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe Queries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Atlassian.AnalyticsService.Client.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe Queries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Atlassian.GutenbergTextView.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe Queries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Atlassian.PathTrimmingTextBlock.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe Queries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Atlassian.Utilities.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe Queries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.Analytics.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe Queries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Sourcetree.Analytics.Emau.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe Queries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.Api.Account.Basic.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe Queries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Sourcetree.Api.Account.Pat.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe Queries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.Api.Analytics.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe Queries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.Api.Framework.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe Queries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.Api.Host.Identity.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe Queries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.Api.Host.Scm.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe Queries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.Dvcs.Git.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe Queries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.Dvcs.Hg.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe Queries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.Dvcs.Hg.Ui.Wpf.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe Queries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.Host.AtlassianAccount.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe Queries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.Host.Bitbucket.Server.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe Queries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Sourcetree.Host.GitLab.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe Queries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Sourcetree.Host.Msft.TeamServices.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe Queries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Sourcetree.Installer.Squirrel.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe Queries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Sourcetree.Installer.Squirrel.UI.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe Queries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.UI.CommitContainer.Wpf.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe Queries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.UI.Diff.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe Queries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.Ui.FileList.MultiColumn.Wpf.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe Queries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.Ui.FileList.SingleColumn.Wpf.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe Queries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.Ui.FileList.TreeView.Wpf.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe Queries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.Ui.FileListContainer.Split.Wpf.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe Queries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\System.Collections.Immutable.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe Queries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\ReactiveUI.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe Queries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Splat.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe Queries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\DynamicData.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe Queries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\WeeGems.Require.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe Queries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\ReactiveUI.WPF.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe Queries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.VisualStudio.Services.Common.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe Queries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Nuget.Core.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe Queries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\BitbucKitServer.Net.Refit.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe Queries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Octokit.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe Queries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Newtonsoft.Json.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe Queries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Squirrel.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe Queries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\NuGet.Squirrel.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe Queries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\GongSolutions.Wpf.DragDrop.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe Queries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Kent.Boogaart.Converters.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework-SystemXmlLinq\v4.0_4.0.0.0__b77a5c561934e089\PresentationFramework-SystemXmlLinq.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework-SystemXml\v4.0_4.0.0.0__b77a5c561934e089\PresentationFramework-SystemXml.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe Queries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe Queries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe Queries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe Queries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe Queries volume information: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\NotificationsExtensions.Win10.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Collections\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Collections.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe Queries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe Queries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
                Source: C:\Users\user\Desktop\SourceTreeSetup-3.4.19.exe Code function: 0_2_00E8A31B GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_00E8A31B
                Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION
                Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                Gather Victim Identity Information | 1 Scripting | Valid Accounts | 2 Command and Scripting Interpreter | 1 Windows Service | 1 Windows Service | 1 Masquerading | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 11 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 Scripting | 11 Process Injection | 1 Modify Registry | LSASS Memory | 1 Query Registry | Remote Desktop Protocol | Data from Removable Media | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
                Email Addresses | DNS Server | Domain Accounts | At | 1 Registry Run Keys / Startup Folder | 1 Registry Run Keys / Startup Folder | 1 Disable or Modify Tools | Security Account Manager | 111 Security Software Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
                Employee Names | Virtual Private Server | Local Accounts | Cron | 1 DLL Side-Loading | 1 DLL Side-Loading | 31 Virtualization/Sandbox Evasion | NTDS | 1 Process Discovery | Distributed Component Object Model | Input Capture | 3 Application Layer Protocol | Traffic Duplication | Data Destruction
                Gather Victim Network Information | Server | Cloud Accounts | Launchd | 1 DLL Search Order Hijacking | 1 DLL Search Order Hijacking | 11 Process Injection | LSA Secrets | 31 Virtualization/Sandbox Evasion | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
                Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 2 Obfuscated Files or Information | Cached Domain Credentials | 1 Application Window Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | 1 File and Directory Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Search Order Hijacking | Proc Filesystem | 13 System Information Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement

                Source | Detection | Scanner | Label | Link
                SourceTreeSetup-3.4.19.exe | 3% | ReversingLabs

                Source | Detection | Scanner | Label | Link
                C:\Users\user\AppData\Local\SourceTree\SourceTree.exe | 0% | ReversingLabs
                C:\Users\user\AppData\Local\SourceTree\Update.exe | 0% | ReversingLabs
                C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Atlassian.AnalyticsService.Client.dll | 0% | ReversingLabs
                C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Atlassian.FastTree.dll | 0% | ReversingLabs
                C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Atlassian.GutenbergTextView.dll | 0% | ReversingLabs
                C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Atlassian.PathTrimmingTextBlock.dll | 0% | ReversingLabs
                C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Atlassian.Utilities.dll | 0% | ReversingLabs
                C:\Users\user\AppData\Local\SourceTree\app-3.4.19\BitbucKit.Net.Api.dll | 0% | ReversingLabs
                C:\Users\user\AppData\Local\SourceTree\app-3.4.19\BitbucKit.Net.Refit.dll | 0% | ReversingLabs
                C:\Users\user\AppData\Local\SourceTree\app-3.4.19\BitbucKitServer.Net.Api.dll | 0% | ReversingLabs
                C:\Users\user\AppData\Local\SourceTree\app-3.4.19\BitbucKitServer.Net.Refit.dll | 0% | ReversingLabs
                C:\Users\user\AppData\Local\SourceTree\app-3.4.19\ColorCode.Core.dll | 0% | ReversingLabs
                C:\Users\user\AppData\Local\SourceTree\app-3.4.19\DeltaCompressionDotNet.dll | 0% | ReversingLabs
                C:\Users\user\AppData\Local\SourceTree\app-3.4.19\DesktopBridge.Helpers.dll | 0% | ReversingLabs
                C:\Users\user\AppData\Local\SourceTree\app-3.4.19\DevOne.Security.Cryptography.BCrypt.dll | 0% | ReversingLabs
                C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Dragablz.dll | 0% | ReversingLabs
                C:\Users\user\AppData\Local\SourceTree\app-3.4.19\DynamicData.dll | 0% | ReversingLabs
                C:\Users\user\AppData\Local\SourceTree\app-3.4.19\EncodingTools.dll | 0% | ReversingLabs
                C:\Users\user\AppData\Local\SourceTree\app-3.4.19\GitLabApiClient.dll | 0% | ReversingLabs
                C:\Users\user\AppData\Local\SourceTree\app-3.4.19\GongSolutions.Wpf.DragDrop.dll | 0% | ReversingLabs
                C:\Users\user\AppData\Local\SourceTree\app-3.4.19\HtmlAgilityPack.dll | 0% | ReversingLabs
                C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Kent.Boogaart.Converters.dll | 0% | ReversingLabs
                C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Kent.Boogaart.HelperTrinity.dll | 0% | ReversingLabs
                C:\Users\user\AppData\Local\SourceTree\app-3.4.19\LibGit2Sharp.dll | 0% | ReversingLabs
                C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.Alm.Authentication.dll | 0% | ReversingLabs
                C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.Alm.Git.dll | 0% | ReversingLabs
                C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.Alm.dll | 0% | ReversingLabs
                C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.Expression.Interactions.dll | 0% | ReversingLabs
                C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.Extensions.Configuration.Abstractions.dll | 0% | ReversingLabs
                C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.Extensions.Configuration.Binder.dll | 0% | ReversingLabs
                C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.Extensions.Configuration.dll | 0% | ReversingLabs
                C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.Extensions.DependencyInjection.Abstractions.dll | 0% | ReversingLabs
                C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.Extensions.Logging.Abstractions.dll | 0% | ReversingLabs
                C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.Extensions.Logging.Configuration.dll | 0% | ReversingLabs
                C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.Extensions.Logging.Console.dll | 0% | ReversingLabs
                C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.Extensions.Logging.dll | 0% | ReversingLabs
                C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.Extensions.Options.ConfigurationExtensions.dll | 0% | ReversingLabs
                C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.Extensions.Options.dll | 0% | ReversingLabs
                C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.Extensions.Primitives.dll | 0% | ReversingLabs
                C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.IdentityModel.Clients.ActiveDirectory.Platform.dll | 0% | ReversingLabs
                C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.IdentityModel.Clients.ActiveDirectory.dll | 0% | ReversingLabs
                C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.IdentityModel.Logging.dll | 0% | ReversingLabs
                C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.IdentityModel.Tokens.dll | 0% | ReversingLabs
                C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.TeamFoundation.Build.Client.dll0%ReversingLabs
                C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.TeamFoundation.Build.Common.dll0%ReversingLabs
                C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.TeamFoundation.Build2.WebApi.dll0%ReversingLabs
                C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.TeamFoundation.Client.dll0%ReversingLabs
                C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.TeamFoundation.Common.dll0%ReversingLabs
                C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.TeamFoundation.Core.WebApi.dll0%ReversingLabs
                C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.TeamFoundation.Dashboards.WebApi.dll0%ReversingLabs
                C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.TeamFoundation.DeleteTeamProject.dll0%ReversingLabs
                C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.TeamFoundation.Diff.dll0%ReversingLabs
                C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.TeamFoundation.Discussion.Client.dll0%ReversingLabs
                C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.TeamFoundation.DistributedTask.Common.Contracts.dll0%ReversingLabs
                C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.TeamFoundation.Git.Client.dll0%ReversingLabs
                C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.TeamFoundation.Lab.Client.dll0%ReversingLabs
                C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.TeamFoundation.Lab.Common.dll0%ReversingLabs
                C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.TeamFoundation.Lab.TestIntegration.Client.dll0%ReversingLabs
                C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.TeamFoundation.Lab.WorkflowIntegration.Client.dll0%ReversingLabs
                C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.TeamFoundation.Policy.WebApi.dll0%ReversingLabs
                C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.TeamFoundation.ProjectManagement.dll0%ReversingLabs
                C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.TeamFoundation.SharePointReporting.Integration.dll0%ReversingLabs
                C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.TeamFoundation.SourceControl.WebApi.dll0%ReversingLabs
                C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.TeamFoundation.Test.WebApi.dll0%ReversingLabs
                C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.TeamFoundation.TestImpact.Client.dll0%ReversingLabs
                C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.TeamFoundation.TestManagement.Client.dll0%ReversingLabs
                C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.TeamFoundation.TestManagement.Common.dll0%ReversingLabs
                C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.TeamFoundation.TestManagement.WebApi.dll0%ReversingLabs
                C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.TeamFoundation.VersionControl.Client.dll0%ReversingLabs
                C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.TeamFoundation.VersionControl.Common.Integration.dll0%ReversingLabs
                C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.TeamFoundation.VersionControl.Common.dll0%ReversingLabs
                C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.TeamFoundation.Wiki.WebApi.dll0%ReversingLabs
                C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.TeamFoundation.Work.WebApi.dll0%ReversingLabs
                C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.TeamFoundation.WorkItemTracking.Client.DataStoreLoader.dll0%ReversingLabs
                C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.TeamFoundation.WorkItemTracking.Client.QueryLanguage.dll0%ReversingLabs
                C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.TeamFoundation.WorkItemTracking.Client.dll0%ReversingLabs
                C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.TeamFoundation.WorkItemTracking.Common.dll0%ReversingLabs
                C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.TeamFoundation.WorkItemTracking.Proxy.dll0%ReversingLabs
                C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.TeamFoundation.WorkItemTracking.WebApi.dll0%ReversingLabs
                C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.VisualStudio.Composition.dll0%ReversingLabs
                C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Microsoft.VisualStudio.Services.Client.Interactive.dll0%ReversingLabs
                No Antivirus matches
                No Antivirus matches
                No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
d145e4fdyl6drh.cloudfront.net | 3.161.73.137 | true | false | | unknown
product-downloads.atlassian.com | unknown | unknown | false | | unknown

Name | Malicious | Antivirus Detection | Reputation
https://product-downloads.atlassian.com/software/sourcetree/windows/ga/sourcetree_ga.ico | false | | unknown
                                                                                                                                                  unknown
                                                                                                                                                  http://defaultcontainer/lib/net45/tools/svn.plUpdate.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423499610.000001D7DC1F0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                    unknown
                                                                                                                                                    http://defaultcontainer/lib/net45/SourceTree.Analytics.dllUpdate.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423499610.000001D7DC1F0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                      unknown
                                                                                                                                                      http://dragablz.net/winfx/xaml/dragablzUpdate.exe, 00000003.00000002.2342993066.00000000043B1000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423499610.000001D7DB647000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000000.2105900715.000001D7D9812000.00000002.00000001.01000000.00000007.sdmp, SourceTree.exe, 00000004.00000002.2438673026.000001D7F48B2000.00000002.00000001.01000000.00000023.sdmp, SourceTree.exe, 00000004.00000002.2423499610.000001D7DB76B000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000007.00000002.3909136966.000001D3CF2B5000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000007.00000002.3909136966.000001D3CF151000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000007.00000002.3909136966.000001D3CF453000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe.3.drfalse
                                                                                                                                                        unknown
                                                                                                                                                        http://defaultcontainer/lib/net45/Atlassian.Utilities.dllUpdate.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423499610.000001D7DC1F0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                          unknown
                                                                                                                                                          http://defaultcontainer/lib/net45/Microsoft.TeamFoundation.Build.Client.dlldUpdate.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                            unknown
                                                                                                                                                            http://defaultcontainer/lib/net45/System.Threading.Tasks.Dataflow.dllUpdate.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423499610.000001D7DC1F0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                              unknown
                                                                                                                                                              http://defaultcontainer/lib/net45/Mono.Cecil.dllUpdate.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423499610.000001D7DC1F0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                unknown
                                                                                                                                                                http://defaultcontainer/lib/net45/slf4net.log4net.dlldUpdate.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                  unknown
                                                                                                                                                                  http://defaultcontainer/tempfiles/sample.manifestUpdate.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423499610.000001D7DC1F0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                    unknown
                                                                                                                                                                    http://defaultcontainer/lib/net45/tools/7z.dlldUpdate.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                      unknown
                                                                                                                                                                      https://github.com/punker76/gong-wpf-dragdrop?Update.exe, 00000003.00000002.2342993066.00000000043B1000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000000.2105900715.000001D7D9812000.00000002.00000001.01000000.00000007.sdmp, SourceTree.exe.3.drfalse
                                                                                                                                                                        unknown
                                                                                                                                                                        http://defaultcontainer/lib/net45/Sourcetree.Installer.Squirrel.UI.dlldUpdate.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                          unknown
                                                                                                                                                                          http://defaultcontainer/lib/net45/extras/hgext/hgflow/hgflow.pydUpdate.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                            unknown
                                                                                                                                                                            http://d145e4fdyl6drh.cloudfront.netUpdate.exe, 00000003.00000002.2337346163.00000000037CC000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000007.00000002.3909136966.000001D3CFB5B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                              unknown
                                                                                                                                                                              http://www.putty.org/?Update.exe, 00000003.00000002.2342993066.00000000043B1000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000000.2105900715.000001D7D9812000.00000002.00000001.01000000.00000007.sdmp, SourceTree.exe.3.drfalse
                                                                                                                                                                                unknown
                                                                                                                                                                                http://defaultcontainer/lib/net45/Dragablz.dlldUpdate.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                  unknown
                                                                                                                                                                                  http://defaultcontainer/lib/net45/Microsoft.TeamFoundation.WorkItemTracking.Proxy.dlldUpdate.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                    unknown
                                                                                                                                                                                    http://defaultcontainer/lib/net45/Microsoft.TeamFoundation.VersionControl.Client.dllUpdate.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423499610.000001D7DC1F0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                      unknown
                                                                                                                                                                                      http://defaultcontainer/tempfiles/sample.dlldUpdate.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                        unknown
                                                                                                                                                                                        http://defaultcontainer/lib/net45/System.Reactive.dllUpdate.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423499610.000001D7DC1F0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                          unknown
                                                                                                                                                                                          http://defaultcontainer/lib/net45/Atlassian.GutenbergTextView.dllUpdate.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423499610.000001D7DC1F0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                            unknown
                                                                                                                                                                                            http://defaultcontainer/lib/net45/Microsoft.TeamFoundation.Common.dlldUpdate.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                              unknown
                                                                                                                                                                                              http://defaultcontainer/tempfiles/sample.txtdUpdate.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                unknown
                                                                                                                                                                                                http://defaultcontainer/lib/net45/Microsoft.TeamFoundation.DeleteTeamProject.dlldUpdate.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  unknown
                                                                                                                                                                                                  http://defaultcontainer/lib/net45/Microsoft.VisualStudio.Services.Common.dlldUpdate.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    unknown
                                                                                                                                                                                                    http://defaultcontainer/lib/net45/SourceTree_ExecutionStub.exedUpdate.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                      unknown
                                                                                                                                                                                                      http://defaultcontainer/tempfiles/sample.lzmaUpdate.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423499610.000001D7DC1F0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                        unknown
                                                                                                                                                                                                        http://defaultcontainer/lib/net45/fr/SourceTree.Localisation.resources.dllUpdate.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423499610.000001D7DC1F0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://defaultcontainer/lib/net45/DevOne.Security.Cryptography.BCrypt.dlldUpdate.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            https://github.com/WilliamABradley/ColorCode-Universal/blob/master/license.md?Update.exe, 00000003.00000002.2342993066.00000000043B1000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000000.2105900715.000001D7D9812000.00000002.00000001.01000000.00000007.sdmp, SourceTree.exe.3.drfalse
                                                                                                                                                                                                              unknown
                                                                                                                                                                                                              http://defaultcontainer/lib/net45/Microsoft.Alm.Authentication.dlldUpdate.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                unknown
                                                                                                                                                                                                                http://defaultcontainer/tempfiles/sample.htmdUpdate.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                  unknown
                                                                                                                                                                                                                  https://github.com/WilliamABradley/ColorCode-Universal/?Update.exe, 00000003.00000002.2342993066.00000000043B1000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000000.2105900715.000001D7D9812000.00000002.00000001.01000000.00000007.sdmp, SourceTree.exe.3.drfalse
                                                                                                                                                                                                                    unknown
                                                                                                                                                                                                                    http://defaultcontainer/lib/net45/DevOne.Security.Cryptography.BCrypt.dllUpdate.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000002.2423499610.000001D7DC1F0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                      unknown
                                                                                                                                                                                                                      http://defaultcontainer/lib/net45/log4net.Alpha.configdUpdate.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                        unknown
                                                                                                                                                                                                                        http://defaultcontainer/lib/net45/WeeGems.Require.dlldUpdate.exe, 00000003.00000002.2337346163.00000000036C6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                          unknown
                                                                                                                                                                                                                          https://github.com/ButchersBoy/Dragablz/blob/master/LICENSE?Update.exe, 00000003.00000002.2342993066.00000000043B1000.00000004.00000800.00020000.00000000.sdmp, SourceTree.exe, 00000004.00000000.2105900715.000001D7D9812000.00000002.00000001.01000000.00000007.sdmp, SourceTree.exe.3.drfalse
                                                                                                                                                                                                                            unknown
IP:3.161.73.137
Domain:d145e4fdyl6drh.cloudfront.net
Country:United States
ASN:16509
ASN Name:AMAZON-02US
Malicious:false
Joe Sandbox version:41.0.0 Charoite
Analysis ID:1523483
Start date and time:2024-10-01 17:03:52 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 10m 3s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run name:Run with higher sleep bypass
Number of analysed new started processes analysed:11
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:SourceTreeSetup-3.4.19.exe
Detection:SUS
Classification:sus36.troj.evad.winEXE@8/252@1/1
EGA Information:
• Successful, ratio: 50%
HCA Information:Failed
Cookbook Comments:
• Found application associated with file extension: .exe
                                                                                                                                                                                                                            • Sleeps bigger than 100000000ms are automatically reduced to 1000ms
                                                                                                                                                                                                                            • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
                                                                                                                                                                                                                            • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                                                                                                                                                                            • Execution Graph export aborted for target SourceTree.exe, PID 2804 because it is empty
                                                                                                                                                                                                                            • Execution Graph export aborted for target SourceTreeSetup-3.4.19.exe, PID 4852 because there are no executed function
                                                                                                                                                                                                                            • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                                                            • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                                                                                            • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                                                                                                            • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                                            • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                                                                            • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                                            • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                                                                                                                                                            • VT rate limit hit for: SourceTreeSetup-3.4.19.exe
                                                                                                                                                                                                                            No simulations
                                                                                                                                                                                                                            No context
| Match | Associated Sample Name / URL | Detection | Threat Name | Context |
| d145e4fdyl6drh.cloudfront.net | SourceTreeSetup-3.4.14.exe | malicious | AgentTesla | 13.225.35.234 |
| d145e4fdyl6drh.cloudfront.net | SourceTreeSetup-3.4.14.exe | malicious | AgentTesla | 13.225.35.234 |
| d145e4fdyl6drh.cloudfront.net | cs.exe | malicious | CobaltStrike | 99.84.149.113 |
| d145e4fdyl6drh.cloudfront.net | cs.exe | malicious | CobaltStrike | 52.222.145.161 |
| d145e4fdyl6drh.cloudfront.net | SourceTreeSetup-3.4.6.exe | malicious | AgentTesla | 18.66.240.166 |
| d145e4fdyl6drh.cloudfront.net | cs.exe | malicious | CobaltStrike | 13.225.35.234 |
| d145e4fdyl6drh.cloudfront.net | SourceTreeSetup-3.4.5.exe | malicious | AgentTesla | 13.226.173.187 |
| d145e4fdyl6drh.cloudfront.net | SourceTreeSetup-3.4.5.exe | malicious | AgentTesla | 13.226.173.187 |
| d145e4fdyl6drh.cloudfront.net | SourceTreeSetup-3.4.5.exe | malicious | AgentTesla | 13.226.173.187 |
| Match | Associated Sample Name / URL | Detection | Threat Name | Context |
| 3b5074b1b5d032e5620f69f9f700ff0e | origin.bin.exe | malicious | Unknown | 3.161.73.137 |
| 3b5074b1b5d032e5620f69f9f700ff0e | origin.bin.exe | malicious | Unknown | 3.161.73.137 |
| 3b5074b1b5d032e5620f69f9f700ff0e | Play_VM-Now(Tina.lawvey)CQDM.html | malicious | HTMLPhisher | 3.161.73.137 |
| 3b5074b1b5d032e5620f69f9f700ff0e | r20240913TRANSFERENCIA.vbs | malicious | GuLoader | 3.161.73.137 |
| 3b5074b1b5d032e5620f69f9f700ff0e | asegurar.vbs | malicious | Remcos | 3.161.73.137 |
| 3b5074b1b5d032e5620f69f9f700ff0e | dcsegura.vbs | malicious | AsyncRAT, DcRat | 3.161.73.137 |
| 3b5074b1b5d032e5620f69f9f700ff0e | asegura.vbs | malicious | Remcos | 3.161.73.137 |
| 3b5074b1b5d032e5620f69f9f700ff0e | grace.exe | malicious | AgentTesla | 3.161.73.137 |
| 3b5074b1b5d032e5620f69f9f700ff0e | file.exe | malicious | Credential Flusher | 3.161.73.137 |
| 3b5074b1b5d032e5620f69f9f700ff0e | hesaphareketi-01.bat.exe | malicious | Snake Keylogger, VIP Keylogger | 3.161.73.137 |
| Match | Associated Sample Name / URL | Detection | Threat Name | Context |
| C:\Users\user\AppData\Local\SourceTree\Update.exe | SourceTreeSetup-3.4.14.exe | malicious | AgentTesla | |
| C:\Users\user\AppData\Local\SourceTree\Update.exe | SourceTreeSetup-3.4.14.exe | malicious | AgentTesla | |
| C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Atlassian.GutenbergTextView.dll | SourceTreeSetup-3.4.14.exe | malicious | AgentTesla | |
| C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Atlassian.GutenbergTextView.dll | SourceTreeSetup-3.4.14.exe | malicious | AgentTesla | |
Process: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe
File Type: ASCII text, with CRLF line terminators
Category: dropped
Size (bytes): 2276
Entropy (8bit): 4.962800695065742
Encrypted: false
SSDEEP: 48:4IQnzMKDAJnbvnIIO6GI9Rubbt2ISmAK3wIii9jdIVjIViaWnenu7G7i5aiZcVT9:4IQnYKDAJnbvnIIO6GI9Rubbt2IrAK3b
MD5: E788EDBFB6382C3D30B8E3473C7A7CE7
SHA1: B279743C6AE491162A9D2E61B4BD75546A2C6942
SHA-256: 0816F5FECA6AE55A160AD29B6056894AF2023841BD6115304AC432D9B3263318
SHA-512: FA86016F0C0BF06A3A772D44A2E86FD6A555B956C029D33ACEAB00055673E9C2F391245AEB8BDE18FAE5852399DFB65B3715AB3D1ED972D54FB426FBFE242223
Malicious: false
Reputation: low
                                                                                                                                                                                                                                    Preview:Atlassian.AnalyticsService.Client 10/01/2024 15:04:46..Atlassian.FastTree 10/01/2024 15:04:46..Atlassian.GutenbergTextView 10/01/2024 15:04:46..Atlassian.PathTrimmingTextBlock 10/01/2024 15:04:46..Atlassian.Utilities 10/01/2024 15:04:46..Sourcetree 10/01/2024 15:04:48..SourceTree.Accounts.Windows 10/01/2024 15:04:48..SourceTree.Analytics 10/01/2024 15:04:48..Sourcetree.Analytics.Emau 10/01/2024 15:04:48..SourceTree.Api 10/01/2024 15:04:48..SourceTree.Api.Account 10/01/2024 15:04:48..SourceTree.Api.Account.Basic 10/01/2024 15:04:48..SourceTree.Api.Account.OAuth.TwoZero 10/01/2024 15:04:48..Sourcetree.Api.Account.Pat 10/01/2024 15:04:48..SourceTree.Api.Analytics 10/01/2024 15:04:48..SourceTree.Api.Benchmark 10/01/2024 15:04:48..SourceTree.Api.CustomActions 10/01/2024 15:04:48..SourceTree.Api.Dvcs 10/01/2024 15:04:48..Sourcetree.Api.Framework 10/01/2024 15:04:48..SourceTree.Api.Host 10/01/2024 15:04:48..SourceTree.Api.Host.Identity 10/01/2024 15:04:48..SourceTree.Api.Host.Scm 10/01/2024 1
Process: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe
File Type: data
Category: dropped
Size (bytes): 37557
Entropy (8bit): 6.101539065708771
Encrypted: false
SSDEEP: 384:FNFUYLcZUvgJnEisdM3dK5YIChX11HMBapYERhPwSs4Ow45q5XVqf1WBuj0wqfJ:RdPChXfm5QXcn2
MD5: 9FBBD35ABD405FE321E8766955278081
SHA1: 0AAEE014AF48B01174898F2DB4C126ADA1D03C91
SHA-256: 0DD097BC692C86C64D22E5E1A14CB2D468738F058C3665DEB83CB570B0A081A4
SHA-512: 0CE74BF5715DC22313ED18C343B3EBDA10D91E7E3F4CDBC901E4C5E1DD2A35585657C48AB029BEAF8BEF21C9861C44FF1ABED36619F0DF69CB350BC449EF135D
Malicious: false
Reputation: low
                                                                                                                                                                                                                                    Preview:....@{...RSourcetree.Dvcs.Git.UI.Wpf, Version=3.4.19.0, Culture=neutral, PublicKeyToken=null.Zfile:///C:/Users/user/AppData/Local/SourceTree/app-3.4.19/Sourcetree.Dvcs.Git.UI.Wpf.DLL..^Sourcetree.Dvcs.Git.UI.Wpf.ViewModel.Notifications.GitFlowUpgradeRequiredNotificationViewModel.......SourceTree.Notifications.IDvcsFlagNotification......ExportTypeIdentity....>SourceTree.Notifications.IFlowRequiresInstallationNotification..............ctor....FSourceTree.Api, Version=3.4.19.0, Culture=neutral, PublicKeyToken=null.Nfile:///C:/Users/user/AppData/Local/SourceTree/app-3.4.19/SourceTree.Api.DLL@...SourceTree.Configuration.IConfigurationManager.....@H..SourceTree.Notifications.INotificationsManager.....................MSourceTree.Api.UI.Wpf, Version=3.4.19.0, Culture=neutral, PublicKeyToken=null.Ufile:///C:/Users/user/AppData/Local/SourceTree/app-3.4.19/SourceTree.Api.UI.Wpf.DLLA..4SourceTree.Configuration.DefaultConfigurationManager.........................@..-SourceTree.Notifications.N
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe
                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):18300
                                                                                                                                                                                                                                    Entropy (8bit):5.986872338910626
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:384:iyOZewhQ2eUEhi54uouORhv7flseLXdaA3sbhGmkswB:i5mket7t/dsejZ3PmW
                                                                                                                                                                                                                                    MD5:B6E082EE3CA77AE15C46BC7880CE356A
                                                                                                                                                                                                                                    SHA1:2D2C5C6C1830A51EDE18CDD93D65A2DBF117165C
                                                                                                                                                                                                                                    SHA-256:E69C7671ED7BF23510A0104104E66C85839084AB4753CFB3B5132911AABAF8A1
                                                                                                                                                                                                                                    SHA-512:3F73E10BF998B76729A728FC80D91190C9A46BEA8C4AC18F99BAE59FCE898103604692F53A430121AE4C7AD6FC4AB73F4762CA0C3C51AA4A62BD44D3E94CE210
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                                                                    Preview:@...e.......j...l...............................................8..................C.G.M..8s...#E.......System.Reactive.4.................4.0..H......t*s.......Sourcetree..@................R...c.O.`...R.P........PresentationFramework...4................,..A.K.4.'..2.........WindowsBase.4....................D...{..|f........System.Core.0......................C.l]..7.s........System..8...............2?.....F..l.............PresentationCore4.................n&..M.....*.f........System.Xaml.8................z....H.Z.x}..>.......SourceTree.Api..T..................E..D.G.n.B........).Microsoft.Extensions.Logging.Abstractions...D..................dUJcA..8.{...........Microsoft.Extensions.LoggingL...............&.~....D..h..kh......$.Microsoft.Extensions.Logging.ConsoleD...................."E.U............Microsoft.Extensions.Options<...............i..VdqF...|...........System.Configuration4.................%...K... ...........System.Xml..@...................L.I.t..".M.x.......
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe
                                                                                                                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):59
                                                                                                                                                                                                                                    Entropy (8bit):4.454866253471544
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:3:tR7oUxNfoGsIL69L1gIovn:n/NotNmVv
                                                                                                                                                                                                                                    MD5:5AA592995F60595069CC77618FCDB4B1
                                                                                                                                                                                                                                    SHA1:80887060A2B7AC0533A502DC9E0A131BC79A0AEC
                                                                                                                                                                                                                                    SHA-256:095CA96C1538B3B83632D16994CA57C91E7ADDDD7FFE24769DD157E63A2835E5
                                                                                                                                                                                                                                    SHA-512:EA3DCB247A7D13CF172A974D1720463C74F905055553DE85CC9F98FBA04098AA3F123C861BEA939CAE441F1831F1553732FEC5FE57AA61E506F8576DE9004A60
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                                                                    Preview:2024-10-01T11:05:11: LogHost: Initializing to normal mode..
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe
                                                                                                                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):59
                                                                                                                                                                                                                                    Entropy (8bit):4.501559261982789
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:3:tR7oUxNfbQNBIL69L1gIovn:n/NbKNmVv
                                                                                                                                                                                                                                    MD5:42376F5CAA5D7DA15765C877D6050C75
                                                                                                                                                                                                                                    SHA1:436B907765588F65043981A4D38CB891640FFC35
                                                                                                                                                                                                                                    SHA-256:B10ED642FA118E1A71F2DE433B4CFE3A3442217402C4FD16387EAFBE35036E14
                                                                                                                                                                                                                                    SHA-512:9142761B700D72D3CE16F74334FBBCF1578C11B70ACE31FD5E3ED3A5A325B5F62C252EFCBB68BA3A5A305085C320CCBDCEB18CC669815666DFCBA656EA6C28F7
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                                                                    Preview:2024-10-01T11:04:54: LogHost: Initializing to normal mode..
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe
                                                                                                                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):4422
                                                                                                                                                                                                                                    Entropy (8bit):5.366319160927177
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:96:iqbYqGSI6ou/fmOYqSeCtzHeqKkeVfTqkqo1s/z6zHEwt1wmj0qlWiqZ4fYjX:iqbYqGcn/uHq/CtzHeqKkeVfTqkqo1sX
                                                                                                                                                                                                                                    MD5:3A06B31E393019D27F37CC29699EDF8B
                                                                                                                                                                                                                                    SHA1:57ED4F00005892700421BE13671D6AE27BCF3B2D
                                                                                                                                                                                                                                    SHA-256:96923287962DD7A532EC5E65FF611DFD222A5027E7F842F43E14DC089D992950
                                                                                                                                                                                                                                    SHA-512:3720CBE60F5018C942D4F9F25AA82107A7336B70C63F887231B64CE5FD23CE85F6036E116A8FD8F55152F40E0078FC356F7C8DFD8A48C044A647265B9539858B
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                                                                    Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"WindowsBase, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_64\WindowsBase\95a5c1baa004b986366d34856f0a5a75\WindowsBase.ni.dll",0..3,"PresentationCore, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_64\PresentationCore\ef4e808cb158d79ab9a2b049f8fab733\PresentationCore.ni.dll",0..3,"PresentationFramework, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_64\Presentatio5ae0f00f#\
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:CSV text
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):2526
                                                                                                                                                                                                                                    Entropy (8bit):5.3595538430679355
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:48:MxHKlYHKh3ouHgJHreylEHMHKo/tHo6hAHKzeSHaRHxWHy1qHTO6HFHKcEj:iqlYqh3ou0aymsqwtI6eqzTyRWSwzjlg
                                                                                                                                                                                                                                    MD5:BAA2BFA53A056858290D35859D8A5816
                                                                                                                                                                                                                                    SHA1:6D45007AD0A2796FAB205A544E79F45F76743657
                                                                                                                                                                                                                                    SHA-256:B3B7F965A358A817C4F4D8B0D85C5F226987771E55B0883A5340531C35B9BDD4
                                                                                                                                                                                                                                    SHA-512:452149E0020C7711915313667923A4590C3887F241A4300F3866A31B81DB8EF66DBD72943239285BE16A0D2BB4973409C653520A05B796B39E2441E56038381A
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"WindowsBase, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\4d760e3e4675c4a4c66b64205fb0d001\WindowsBase.ni.dll",0..3,"PresentationCore, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\17470ef0c7a174f38bdcadacc3e310ad\PresentationCore.ni.dll",0..3,"PresentationFramework, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):301008
                                                                                                                                                                                                                                    Entropy (8bit):6.115522613484256
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:3072:wxate/eTH6bv5rP+yQBQO1W5k0HtbRMcbIAg0Fub2LmohXu2FwE7rzDt2Ltcc:Ntx6bBpk/W5z7IAOaLVhx6EXt2ZF
                                                                                                                                                                                                                                    MD5:C7F27DD411AF50592F8E942176554103
                                                                                                                                                                                                                                    SHA1:265038521B5CC10FC7F4568EE1AF11DC86D93CA2
                                                                                                                                                                                                                                    SHA-256:F3A7B1C4363BD16134440E108CDDFCA85EB74360695C708580F484A460BABC27
                                                                                                                                                                                                                                    SHA-512:AE9598C75F02DCC07EA6E1C7779E75F354AFE725AE3BD4D3CFA7D3FCC3694997519E01940C6E773E9C70AE848C19B8CEC8FD8E7F05CD95829C91ED14DB76BCDD
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):1829840
                                                                                                                                                                                                                                    Entropy (8bit):5.88951053446875
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:24576:AoNX16P1ulyRLOmre4E0QVkjkMTReMhzT9NS:R41ulAvJNQMhm
                                                                                                                                                                                                                                    MD5:BE71BD64082B4BA88D1B59C2D432C340
                                                                                                                                                                                                                                    SHA1:4DF45B97BE889E6E479CC590546E1732C4EB3535
                                                                                                                                                                                                                                    SHA-256:EDB23A210132682D4C150003D6E02A3D894D82EF018FDF986FBF9BEB6B5D68FA
                                                                                                                                                                                                                                    SHA-512:5FEDF278070C6FDC80A53F75C2A450403885937B1070377CD683E6B7767BEF61CFCE0C16076AA3619F5C991BB3CB07A174A3E6D10DEF1DD50E724B13048A53F5
                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                    Yara Hits:
                                                                                                                                                                                                                                    • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\AppData\Local\SourceTree\Update.exe, Author: Joe Security
                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                    Joe Sandbox View:
                                                                                                                                                                                                                                    • Filename: SourceTreeSetup-3.4.14.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):26576
                                                                                                                                                                                                                                    Entropy (8bit):6.052582721795155
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:384:jaS8wO020+xAmeFfJRqJun7DD7DHcZukhGKqE35IYiWm:OS8wUeFfL7kBuYiV
                                                                                                                                                                                                                                    MD5:7A50241F1BD0576C92F839569291E370
                                                                                                                                                                                                                                    SHA1:215A6ABFE6F2369DF6EC33A681E0AF4FD00A4C18
                                                                                                                                                                                                                                    SHA-256:ACF56D739C7B6B7E164250DCAA20CBF5DB12BF8E29B0808A032223A76DE44750
                                                                                                                                                                                                                                    SHA-512:8324DF9103FBC4915CAF56CC86BBF70872AB99B2BFA523493B69A4D0EE400847346DE0E7CB6970A4CF72A5B93EB6AE375ECAFCE220C1863F8B66C616D5325C6C
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):40912
                                                                                                                                                                                                                                    Entropy (8bit):5.97506305133153
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:768:ybzrtD+Q0VNoSJVJB0zSbLMF8J8E5mgsf7MIVVYiYiG:y/85J6oJ8E5mJ7MIVV7NG
                                                                                                                                                                                                                                    MD5:2A827754C4070F5E12221454020BB53F
                                                                                                                                                                                                                                    SHA1:1D12358CDF332C786AEE7962E584C560850C0224
                                                                                                                                                                                                                                    SHA-256:47B4F974F098FF29181E92A1560026F6AB576A4E9FC5ACE70A90557AA713CF4E
                                                                                                                                                                                                                                    SHA-512:416D9815F003AFEDF43ADE7A250FE479CE0CABDBAEFA30F2EB954080A80AE43B650D28EB8848C463E7E7F25D074BD20E9271CD5958CED5A737BA1B73F5BBD98B
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):47568
                                                                                                                                                                                                                                    Entropy (8bit):5.999806994295209
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:768:vSKhLNREHr/r0IWrolfR8ZomOOcbL8KNZ7DXygZDtiGYiH:nptrHyOc39Z7DXJDtiG7H
                                                                                                                                                                                                                                    MD5:A847B35398049C8473FD80612C4ABB8E
                                                                                                                                                                                                                                    SHA1:CF1F9C584487F3584F262BEA40450FC851D40879
                                                                                                                                                                                                                                    SHA-256:9A2EDC221CC335288F330BDC74C76CF0CE571915822154D67B3F4DC8746183F9
                                                                                                                                                                                                                                    SHA-512:C983E515DE104F42B0A44FD7470067E9A51D7EDB533742CBB280EEF28221348BE4E0BF48E0AAC75CFF4DFEA8F00A72A86025F4A4C3165AEDDC11B6C2262FA73D
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                    Joe Sandbox View:
                                                                                                                                                                                                                                    • Filename: SourceTreeSetup-3.4.14.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):13264
                                                                                                                                                                                                                                    Entropy (8bit):6.163992056988666
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:192:Z7gBBjStEaqzyiDeM4ShvjAytX0sJ7JhFIYiYF8d7MG/oFCG:ZUPSodDeM4S5jXV7xJ3IYi3U
                                                                                                                                                                                                                                    MD5:B2078BAB3FECC14FA70699866AEECF31
                                                                                                                                                                                                                                    SHA1:8F9365F08C10A56B7896218BAD7A3A80CC82C184
                                                                                                                                                                                                                                    SHA-256:E22C081C966514CC9FCE7503B1766A982503C21C14E6F578E84EFA5CF77AC21E
                                                                                                                                                                                                                                    SHA-512:3702BFA7A3C22AFA01B038FDABFF265338420A68A1D350E7A35CAE049577119FDEBDA79F296A63C8BD87BC510B7C9D14509734ADB6CD28818576E51C7063C71B
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):9680
                                                                                                                                                                                                                                    Entropy (8bit):6.10312849522615
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:96:uZ0lA/sHJpO0tkb53/fLTd0PmfrrQG28cYG28CEQ9VgT3mUbxJ/MGzWyeT0IH:KkHJTqVPfVIYiYF8d7MG3eD
                                                                                                                                                                                                                                    MD5:5CCDD90F03E7F8D0F7D70306867A3116
                                                                                                                                                                                                                                    SHA1:A599DE7F488B371E7D238785BFDC46218F9BCF03
                                                                                                                                                                                                                                    SHA-256:BDB7E6A59855EA581D2D5C2D74B54246B3D9BA07DF1DD8B86B9E4625D181711D
                                                                                                                                                                                                                                    SHA-512:4B123DC0F5E373CFE66FB2EA16EA9ACD1434A9885DD5C3476A2D02694F1C0B346EC27A1237B0D76A3E446E8084DB76354D93C2E112FE4C1609328F434A2519A4
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):35792
                                                                                                                                                                                                                                    Entropy (8bit):6.149186978314338
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:384:M0b0vnWjLciVowXRIh0Q8xjowWifwMlA42EQnrJSuEORpTIYicH73:Hb0vWjLcXw+0YMlA7EwFSuEORpcYiC
                                                                                                                                                                                                                                    MD5:CE843D4FBFACB8ADA19122577905EE00
                                                                                                                                                                                                                                    SHA1:966D7E7377C24E11F4C48BBA43CA72AA4B843AE6
                                                                                                                                                                                                                                    SHA-256:7E2F86DAC47BB1BDD73F8093F1F96E85A0DC164E490CACB01E3A29284233B82A
                                                                                                                                                                                                                                    SHA-512:FEB1B4271C96A7B2BC95467EB64E735A726152EA851A78632B06988CEF9DC54635DE745AFA76408DFDB904DB087CAA77466C5C9B38C39763CC0E60D11794ECB3
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):24528
                                                                                                                                                                                                                                    Entropy (8bit):6.02767802018614
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:384:Ip4MQbX720Ny73cDauFO+2PXjnqftN/k1L+tKVFMIYiDuzM:IZrc7o+Ez8D8L+CvYi4M
                                                                                                                                                                                                                                    MD5:C2457683806488F7031DD2BDA7D28241
                                                                                                                                                                                                                                    SHA1:72A027798A61A6858A64824D9EDBD544572CDB44
                                                                                                                                                                                                                                    SHA-256:25CB6DA01B47242D6F9C445892CE1DADEFC846C7BF098C1AF74E95978CF706BF
                                                                                                                                                                                                                                    SHA-512:96AF870EDDFDAE00D2E2217B96E90626DCB36C446B7BE20AC226E2B879176661EAE58E384D967B3D28D2E9D1444364ADA4C48EB2C9C43DFB8BCF961849ECF6B3
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):19920
                                                                                                                                                                                                                                    Entropy (8bit):6.028118469758349
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:384:kl+Ijm4ho6oWw03uIZ7Ujuz09IYiE0nOks:kAnUHoWw0emU3qYibOp
                                                                                                                                                                                                                                    MD5:E899D667785059EA7B77B0D1CB99F53E
                                                                                                                                                                                                                                    SHA1:D642E5FDDBD8FAB250DC696D22ACC6B1ABFBA838
                                                                                                                                                                                                                                    SHA-256:AF13E04C783AFCDE4B52BCBA818992D78D375202E7F63AE0E97AABA0AF0531D3
                                                                                                                                                                                                                                    SHA-512:1ADDA711801B88F498923CCC4270D5B02DD7E503E7FF183BE32A59D03DF31997EE382FACC60E7E72CD840C26EEA2958CDC16D891E0B5A67B420E16FA9CE8C920
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):27600
                                                                                                                                                                                                                                    Entropy (8bit):5.853380262261592
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:384:XwxHAOVSDGAa2OSEg/ox4c0WQ2sApidEDuNbWowh75VdMIYi6esai:XwhAOVSFapStM4cfQ20tNwh3vYi6qi
                                                                                                                                                                                                                                    MD5:51C6AD9B26460A2A747F907D04887EA7
                                                                                                                                                                                                                                    SHA1:431D920D76BB0911459BE5C755630EF00DB7DC07
                                                                                                                                                                                                                                    SHA-256:5689AF8D6372736A668C6A6408CFA6A4A4AFE227CC46751C9C550D695EC5336A
                                                                                                                                                                                                                                    SHA-512:0A5AA76D038D88A8611A65E6E8DC8ACFA07102A651652CC076C2F8280557229D8528ABABCA08EA03C794A6AF76745D9E61B085CD37F14731F165CE226CE38CDA
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):108496
                                                                                                                                                                                                                                    Entropy (8bit):4.995043749275773
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:1536:GZQRiPtv8TSOIa9uUV42Ny6wLUy9bB41C2q/qCFDyU6C1TUW5y9kXgYyGFkRBpEd:SbcpG1KYSri3eq
                                                                                                                                                                                                                                    MD5:A0F2BBDD2629C85247FFC240579A878A
                                                                                                                                                                                                                                    SHA1:45011BCC3AF008827344A2918B882AC1DA91F48A
                                                                                                                                                                                                                                    SHA-256:193927C7D2FD84767B1BA8E72C3EA5CB5188EEA2ECC45053E2E5E9AA7CEE1E2B
                                                                                                                                                                                                                                    SHA-512:6CEA5AB667669047C8E34DD46AA73F9EB32E80E941AE9BADCF4CD6D4C681592AAFC265ACA3DDFF6D60FE89F69E34ABED693D04559ABF146AD7B58FFA2FFD9A45
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):10704
                                                                                                                                                                                                                                    Entropy (8bit):6.17841426138857
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:192:cLXax+3b55Bc+p4VNI2FIoCd2IYiYF8d7MGT+h:kX3BsGSCYIYiL+h
                                                                                                                                                                                                                                    MD5:A1B570F06FEC2E4A1843588944CA4B02
                                                                                                                                                                                                                                    SHA1:89CCA9D7A67A3901B86C089A868C25BDEB438A5E
                                                                                                                                                                                                                                    SHA-256:A1E1C39FA06BD149CA0A8E230B5303FEEEE408BFBE4173F462F6EC06D5084EE2
                                                                                                                                                                                                                                    SHA-512:B570DB52D2538CA5215E5A8620D8B59BC67BEF56A9CC839B75B6440EC19F721D3E7481F8A61372395BAEC59026F2CB61C0DBE828C59CA133D1A0DBFADA1CBE81
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):9680
                                                                                                                                                                                                                                    Entropy (8bit):6.1709589897310035
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:96:Up78Tl8VZze9+7tzsttkdtSzGhdoAw/UoujuuTd0PmfrrQG28cYG28CEQ9VgT3mB:k8OK9+pzO0szGhgcxuOIYiYF8d7MGM1l
                                                                                                                                                                                                                                    MD5:73BA2E0907D6BCCCE36E841CA9263691
                                                                                                                                                                                                                                    SHA1:5EF0DF27A89A4DBF51C75BB8FF6D696BBDA62C41
                                                                                                                                                                                                                                    SHA-256:E311B1081B9A5E8272D703F7D7788D9FA3914AC47BFAF2A18BECA9BEC89063CD
                                                                                                                                                                                                                                    SHA-512:6BA29BD6B46075638578F56AE13C7C9F399FB96004A59AACC30842401ED9001F8943017BC06A32436BAAC93FC1CDAF70D557F32668FA2CDF13CD64FD538B852C
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:dropped
Size (bytes):18896
Entropy (8bit):6.637037997881105
Encrypted:false
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:dropped
Size (bytes):243664
Entropy (8bit):6.298768551530496
Encrypted:false
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:dropped
Size (bytes):670672
Entropy (8bit):6.368886802659849
Encrypted:false
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:dropped
Size (bytes):35280
Entropy (8bit):6.056712681677942
Encrypted:false
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:dropped
Size (bytes):144336
Entropy (8bit):6.174993370703186
Encrypted:false
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:dropped
Size (bytes):110904
Entropy (8bit):6.253214137512454
Encrypted:false
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):174032
                                                                                                                                                                                                                                    Entropy (8bit):5.691540264774208
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:3072:4KAQHcvuAGimooRjc48chGlj6qXoUMGYhYAFBZedhwFv9Lli:I1vuAGMo3slToUMDqs2
                                                                                                                                                                                                                                    MD5:7EEBBB290DD964E8BFE3C77A7C575113
                                                                                                                                                                                                                                    SHA1:75F14FDD9E98C4E579A965167CE114698A5CB211
                                                                                                                                                                                                                                    SHA-256:C4036DD16500E388E448EB1BBEB95D86A47E5816D2AFDE75F18CE9DAF66ED44C
                                                                                                                                                                                                                                    SHA-512:0FABE70B5FF3FE261D13DB48FBF9E4F47B706495C640A9EFD2E3519D45DFDBF9DBE767D6E48D7D3166C1F8F713DB38C6827BEC8FDF000461B6691CF0317632B1
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):57296
                                                                                                                                                                                                                                    Entropy (8bit):5.975232508826516
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:768:wtI2w9GZOqtu8K4VZs5xeVRYsHWf+Ga/zw4zQDYiHI:unZOqtAWZsgeF+Ga7wKQD7HI
                                                                                                                                                                                                                                    MD5:97310801A7D52B517AD7BF71F6229707
                                                                                                                                                                                                                                    SHA1:FCEB0986C0E37AC3C244218ECE0B1B92A03CE315
                                                                                                                                                                                                                                    SHA-256:69A7B655F96E2F7B4FB938639AEC474CE7F88A8F908350798BB827628ACDAF7C
                                                                                                                                                                                                                                    SHA-512:87054E17AD506D6221C99119373861C1B647EFF604BCCE8153833189A9FD1398BEAF508B9C0521CE8613DCF59BC687699709ABDE6C0B9A6B1429FA739D961C8B
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):24016
                                                                                                                                                                                                                                    Entropy (8bit):5.97071903353628
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:384:qDFjvbOk6ZlygjflGgnf1fpfA+fZO265ytZ8oDtzpd2zLE9UFIYikZex:Qg9lBppIIOHuzKzVyYiH
                                                                                                                                                                                                                                    MD5:2B5802E0C35C56B8354F73C1DA0F716F
                                                                                                                                                                                                                                    SHA1:74EB028A2A49FA6BB0C8474CFAA58A04FE7A15B2
                                                                                                                                                                                                                                    SHA-256:BA13636BB7532BE5251752BC42A698E4D3BD8DDC97CDC1826295AD491A7005A5
                                                                                                                                                                                                                                    SHA-512:C6191EDB7838DDCB3F5F04A0C12DA1E64AF9D519951234867C7D06B83E926035ECFECCD78A66461AC8830BC008F723966A203A9DE625D1026F153EFAC56766A0
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):425424
                                                                                                                                                                                                                                    Entropy (8bit):5.903117978778483
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:12288:iD5duehhgylZvzJEViCuYMaL4rlpiZgazNHFkFClIwGt:V+RvzJEViCuYMaL4rlpiZgazNHFkFhww
                                                                                                                                                                                                                                    MD5:859DFBF1F1722DF7F0194290EDE5BC24
                                                                                                                                                                                                                                    SHA1:C28AC392D9C476E2D688E97997A696028FEE0E52
                                                                                                                                                                                                                                    SHA-256:6E24A2C8042689328C1AE12D7A6AAD8F7F41CE43F68D8FF7CE5F5E8C4BF6077A
                                                                                                                                                                                                                                    SHA-512:B3165DF1B53BA514582ECDC288EC94467DFDCA4CC9F79C09D8A955F3B87DBE3C34CF3A25E11FA10AFAD2BDEEF225DB414820BD4B3467AFDA7204BA5525ACECC4
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):63200
                                                                                                                                                                                                                                    Entropy (8bit):6.346255601244274
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:768:mRzXUJeFqqSd2L3CBEjLAIzLGQwFR0eclAb3CZGAwIUVi2Lc:mJUJMSla8IzL1wFRclAOwAwPVVc
                                                                                                                                                                                                                                    MD5:DCF48EE9741E49FBBA81D69F2E7419CF
                                                                                                                                                                                                                                    SHA1:0AD6B57588D0C0A2BE025A3FF82C8E96ECADF38E
                                                                                                                                                                                                                                    SHA-256:19EDA19CEBBC02515886434DE7DD46F17D17808E3F49C3B359CC74D81ADD2E4F
                                                                                                                                                                                                                                    SHA-512:036D10390782A343B2CE209F024B1DFC9902D054B4BC859C77CA24E613324DF2B2BE066ABE41E60B255C0E1F153168452857E025BCD21D7BAB4B820724147D84
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):45240
                                                                                                                                                                                                                                    Entropy (8bit):6.461034174357296
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:768:ikJLtk2TE6JyENvC3U3+fLMO7IeUlViExYLE:ikTpB+fLBZUlVGE
                                                                                                                                                                                                                                    MD5:0947310E2685AEC0D6880A4F1D386CDF
                                                                                                                                                                                                                                    SHA1:B2C7EC660E8DEA4DB1AD3BFC9F56925FAD13EB98
                                                                                                                                                                                                                                    SHA-256:CAE5D4E1291CC766998106491D5B6369F3CB39D016DA27F6D472C9F629736E1E
                                                                                                                                                                                                                                    SHA-512:0567AACD884AD384261BCFB42E3B338F984744E2D7A57311EF8A3A2D0236D1797456E113CA85565E39AC11CF5A0EB170AB43275C091B88923B3819970EA59A43
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):18896
                                                                                                                                                                                                                                    Entropy (8bit):6.1009512384148445
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:384:/JhkG0wKV9VMWV7C+HdtJEmLSUSmhta8EwoWgN4IYibXSU2:/p0PFVBT2IdEw6hYijSU2
                                                                                                                                                                                                                                    MD5:E99872DB68D38DACBA02CE3903F47902
                                                                                                                                                                                                                                    SHA1:367A53EED47952FF0C23126AC655EC2512DAF4EA
                                                                                                                                                                                                                                    SHA-256:CDCF8C7DD5142E006766A4DDE9E6E69A42EBB15323F36C6BB32F6B7B690FF867
                                                                                                                                                                                                                                    SHA-512:B1EFD143B74DBBDF352C674D2AC72FFC42FF4BC9C4D81439B16E8EEC9FEECB20306EBA9B910D6A0942A8BC2C34FB2C007676E9D23E762C6E2FEF1E94045FFC0A
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):96208
                                                                                                                                                                                                                                    Entropy (8bit):5.967357325749357
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:1536:qrf5GttgxHXEuRmG5rtkGY4CEmWAxXSSYhhS98ca2Wvsd65FJDlGWwkEy27P:C5GttWHXEUx5r65LxXshk8JDIWP27
                                                                                                                                                                                                                                    MD5:B296A9FA041EF373458F49605808D684
                                                                                                                                                                                                                                    SHA1:F798E549F4365BD45C9637C369BFB22B36F5099F
                                                                                                                                                                                                                                    SHA-256:214B7397FD055DE16DB60BF399B6DCADA2C3C5B10CE4ABD125005D1BDC4416D7
                                                                                                                                                                                                                                    SHA-512:618C2C92FD53908B91609619C7B0C70B3580203C7C2AE7A46D9D16FFB265AC57FDCFF675A816C40505B6A3729F96912DD861291635B134B6D02611AE5123308E
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):20544
                                                                                                                                                                                                                                    Entropy (8bit):6.39336708356651
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:384:0aEsyjAb8TG/ZvozRjz6r5c3JABzWSPTWC4c4HRN7+eRl3t3MmW:0b/Q4JApaB+eKJ
                                                                                                                                                                                                                                    MD5:D8E064AD8F2419F204723CF7CAA7AB0B
                                                                                                                                                                                                                                    SHA1:F19F20D758DAE8563FC4914C737E06F1292F58E2
                                                                                                                                                                                                                                    SHA-256:32CCDB2AB4348F195D247F920D1432C0CBB1CC5FD548FEC8EE562C438AA48849
                                                                                                                                                                                                                                    SHA-512:B2ED620BC914433435E655F7A1C956735F959C3E8C60A182D96AB0A59A54C81FFA0C52214D88C6E48CA82E198AD7E9FCB603D6DC017EC64399FCF40D3178C341
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):25664
                                                                                                                                                                                                                                    Entropy (8bit):6.321742244690199
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:384:IUUSzG5Eiqu07TKQ2Eqjy9gZ7cFq+33XBhzWcvGWCPc4HRN7gwslHa83//:IUUUG5Ezu0vKDEZjHnRnIBU
                                                                                                                                                                                                                                    MD5:3FC2AA5A1717ACCF911040B215BCE29E
                                                                                                                                                                                                                                    SHA1:4B70D0392884C1DFD5EC66242EF58F7F804F58E8
                                                                                                                                                                                                                                    SHA-256:8D0BBBD3DA37805186B4958E9EB8C7DA038A759176E26EAE64DBDEA75E535AD2
                                                                                                                                                                                                                                    SHA-512:C74240A310AD5F236A805B40C8C407F0BF501BA6664E259FFF610DEA0D0148628DF01EA96DD1D03A7C6CB01C7F59D374CB9B2E613A0B93813CC590AEAF0E2D4B
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):26176
                                                                                                                                                                                                                                    Entropy (8bit):6.373614376396436
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:384:kfCpdoVDPMbHdJs2tIY+UMg3f/baO+U07zWX1VWWC/2c4HRN7v0Hll3t3Mma:rpduwBD2peM9c62Bv0HOp
                                                                                                                                                                                                                                    MD5:BA5145200FCEA6B50A2223F98B468BD3
                                                                                                                                                                                                                                    SHA1:7AF4F0B8A4A7B75763BBC72C5C3EDF3D85FD8A50
                                                                                                                                                                                                                                    SHA-256:5971CA80CF7EC34845334C9734542CD4DE2548FB15192A19E6DF3272019E6317
                                                                                                                                                                                                                                    SHA-512:3E442028CB9208B1925D53BC3F0146FA832E1A912B8C09DACC6B5EE419C78931E4B5E256D58299A3ADB9F54B2A66F24E454BE74017FD0F0E2FBE5B7E98ADA464
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):37440
                                                                                                                                                                                                                                    Entropy (8bit):6.081048090601344
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:384:23VVPCLgCcYGJiHB/lWnQV46YlER0+NUoiw+NTzW4/LWCdc4HRN7F3lvMhbAtTSw:CbPmgC4iHVYQVTFN+w+N5LBFI
                                                                                                                                                                                                                                    MD5:BD0CB2BC62A2485E93AA36FA6941C0CE
                                                                                                                                                                                                                                    SHA1:453CFC5D9A9CB9C54EC38FEF07D7BB3289484C7E
                                                                                                                                                                                                                                    SHA-256:4CBAFB5C80B11692638D857C0227429F56CD27DEE8FBF85B75CB1A98C8A86F84
                                                                                                                                                                                                                                    SHA-512:14C74166CD8F010CC6F0C496931E0AD11B9292E35FD3C899620980432C191EF4E44A44100D675B5D288BC779FE850E0727E161EE718CAA60D1FDE286BD65A8AA
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):48192
                                                                                                                                                                                                                                    Entropy (8bit):6.169380663324594
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:768:YoodqqiKSspOLEJ13avFuitiPiXGydvQmwBjwu:YvdqqiKS1QJ5a9tt6KQmwBEu
                                                                                                                                                                                                                                    MD5:FA43B31FAC519D4537325B2D77595C3F
                                                                                                                                                                                                                                    SHA1:DC3C0912D2275684A95816401F63E155FE2B5ED1
                                                                                                                                                                                                                                    SHA-256:CE4721EB7591C77EC23650C079C25730BC9E4F2AF440ED0CE913258151434CDA
                                                                                                                                                                                                                                    SHA-512:E9E050EC7BD310CE3C5C13AC7F3849DD96EE34CA68A91956B956EEF6C228A23D790736D05F07562B039A888471F823107D11384E72E172F505192964680335F4
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):19512
                                                                                                                                                                                                                                    Entropy (8bit):6.434941067394356
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:384:txW2pGWDDCDzWvsdU7vWCYc4HRN7klJYd:txGMCldU7WB80
                                                                                                                                                                                                                                    MD5:E5F2FFDBC4FCAACF340B91F053C46EAE
                                                                                                                                                                                                                                    SHA1:7C6FEB093491B4D176078DBF593DDE72A1DB2BB6
                                                                                                                                                                                                                                    SHA-256:A8C77C08313162C1A990B032E676806D202A658049A539D30DA3F74A980BCBBE
                                                                                                                                                                                                                                    SHA-512:947A95F696F887A3B2B666F0366A7170C4C68DC505467D4C0C91FFA922119C8B7230286348C942ABFADD400496115B75D4C3EE8E284A5BE21FBAF2EC45E3339D
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):34360
                                                                                                                                                                                                                                    Entropy (8bit):6.288208808811307
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:768:dHR6lhEaSgIyItdWZJpH8hkuzdwb7jBo0:dx6zvIyOWruz0fBo0
                                                                                                                                                                                                                                    MD5:2BC8C0B10B63B68395A98E82A171E442
                                                                                                                                                                                                                                    SHA1:8B5123B0BE66BE6DAAB4EAB65A46E43C89C5F590
                                                                                                                                                                                                                                    SHA-256:C10EC1D9FDBD7F1E9134CBD401954CE7B0B32E2407C0F99DA6AA9620716B6165
                                                                                                                                                                                                                                    SHA-512:059AC62A273C969040271B3F44C358E68D2ADBBACDD23E70DFE5DF809A314C1BBC4A880ED84507A07D2FA87E6A0596B59CE215A9EC3D95D5C4B90E83EE7ED050
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):31808
                                                                                                                                                                                                                                    Entropy (8bit):6.340842410818935
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:768:KhATzquC707zKCROqI8sNBvSWWh4KU2Borgw:KhAquC7qzKCZINNBvsU2Bo8w
                                                                                                                                                                                                                                    MD5:B7F13CB30356DBE3E3BF7C01E2D8C7B1
                                                                                                                                                                                                                                    SHA1:712900D638167A85017AB7F99119964D84E0A39F
                                                                                                                                                                                                                                    SHA-256:9CB78661A77FBBAE56DE368F018AC9B06E6A171DAB37E49091AC4ABC4A3D1126
                                                                                                                                                                                                                                    SHA-512:6DF9337D590ADB72DF002CD64005A59F60BA064B2AE2D207559F0B43C9C8978AE75B22115556F0F4E7567B7B7862B99FE069EC92B3C98752623636BEA92D1BB5
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):18496
                                                                                                                                                                                                                                    Entropy (8bit):6.471270775658986
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:384:/WW3usRTLc1/0e2HqzWtv6WCNc4HRN7r8lHa83/A:esRTDe2H7KBcY
                                                                                                                                                                                                                                    MD5:649DA85C6A1D05FBF5EC9CD7D56A5233
                                                                                                                                                                                                                                    SHA1:21FEC927114A68C88838F947500979FE6C5159E5
                                                                                                                                                                                                                                    SHA-256:2A8B0E205C47E5B1AA1955B2FD2B7A8FE1D7E2348A53A3B77134BE769E3B3878
                                                                                                                                                                                                                                    SHA-512:3B4EF2AD66B6DA93096F7EC21859FD0EDF25B030A48309E5EDAC93ED4BB1FD5CD8DC48DC344093C8FFFFDBEE2C708E1AD15EE51A37C4B015054E368B268475D0
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):43584
                                                                                                                                                                                                                                    Entropy (8bit):6.17781231838619
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:768:gNpHjW3XHbfZtbdWkbdWWbR3MNKRjsGVh0UBsr:QpHjSHbfZtbdWkbdWYSNsom0UBsr
                                                                                                                                                                                                                                    MD5:D195309528F364DFACD3BAE393EA08B8
                                                                                                                                                                                                                                    SHA1:763721AA95EB354FE7CB88AC5EADBF6D854BC5CB
                                                                                                                                                                                                                                    SHA-256:123766D210B9793CE76C2779FA87B3C8FE122A526FAA6D46841CF7CF6E5495FF
                                                                                                                                                                                                                                    SHA-512:332578FC59E8C518A0E45957D20A9A491B7D6D7567C1655C2F2FA5535450D2D9238B7937BA26B1EB271335E0DD605CB64768AC875EB0901692D021ACB1E344D1
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):36416
                                                                                                                                                                                                                                    Entropy (8bit):6.181858754180119
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:768:HOBVTHyqXeGfbUnEsxaWYUeIBuiglpTcZZzBqyVO:HOvdXNN4aLUrBuiwi/zBqyVO
                                                                                                                                                                                                                                    MD5:30F911D2FF61105F7B5680006A9E4DEF
                                                                                                                                                                                                                                    SHA1:12285FFDA48A642F3B06B06CE73F79341475C006
                                                                                                                                                                                                                                    SHA-256:42BBC209A1A39F3BAB6652478DE1BC7DD240146E3B668D34253425EB663BCC4F
                                                                                                                                                                                                                                    SHA-512:BCC6E1B979A370D1E11083327776364620E7055CF21D05F56F5867839DE77C5C3823BD1ADF123865533263FE7766A6FDE6E66A55535C705A9097662E1181D463
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):22128
                                                                                                                                                                                                                                    Entropy (8bit):6.960135314231489
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:384:p1qLlLm7ROWHciQBm0GftpBjKtPaQHRN7+TlJRKgU:G5mCRViuPLqMgU
                                                                                                                                                                                                                                    MD5:9C40A1A453C9473682CAC7CAD2021875
                                                                                                                                                                                                                                    SHA1:B509D9307F06229771355995A2615838F4A25F8A
                                                                                                                                                                                                                                    SHA-256:7BAA1546633D57114A09429A507F7B45D85E0DFDE547116A26BD7AB6C74CBDDA
                                                                                                                                                                                                                                    SHA-512:01D8A051B3936285669219B0BB065434B903B846E80F85535D07E62D7D29321989E90203BC1B4AE217F24F82CAEA1E102590D1CBDD922692267EA6CFC3F83093
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):296048
                                                                                                                                                                                                                                    Entropy (8bit):6.070983682180405
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:3072:PCrY2rtoThyNaWYvTt3o7tfnQwo7iSCGtDPKg/N1uLpTC0IBlJsQUKeAT1HNPuJn:KrY2JcvTvx3o7pQwqfeg/7dPNTUNmE
                                                                                                                                                                                                                                    MD5:7B47294A979AEDF85AD037928FFCBA56
                                                                                                                                                                                                                                    SHA1:C3DCA8215680401F2CE2FFEB6EDDFD4730B0BF41
                                                                                                                                                                                                                                    SHA-256:7405912BD18C450505449D7C1C31543F8E80DCE3DA81938C91989B31EAED4C87
                                                                                                                                                                                                                                    SHA-512:499A788C0189DA85ADEB4D928D40FB4B5D9A3C6E5FAC6EDEB057D54B3DB79F8276953CD3F7DB738C9729839C01C8FBFEDADA649DBF325A7B400052014AF2FF4B
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):30832
                                                                                                                                                                                                                                    Entropy (8bit):6.599988431994738
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:768:035xuFBJ6lLmHyMe6y5575ngVimmIcL0nt:035xuFB6f+VxdeO
                                                                                                                                                                                                                                    MD5:86D5A91D68243C23E579A3B8EAC41550
                                                                                                                                                                                                                                    SHA1:2AE697AB1C17776204AD8F008319D0C01AC9F8C7
                                                                                                                                                                                                                                    SHA-256:9BD601D9DE072F0537B03F8AEB32AF224D721283C02A27E854960385EE497DA4
                                                                                                                                                                                                                                    SHA-512:2A09850207247E8BF43604486F1FF580F8855913D5EB195911C38169ABED9F18F761A98731C4E2FC021D40B62013DD194FC603E98F6A01FF2B15B57B3F1A79DC
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):139368
                                                                                                                                                                                                                                    Entropy (8bit):5.824647191275837
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:3072:dP+l9XR735AN8yssDoqLVvODK1BJ0IzHI5GzWHPHaVs00sEX1PuEWD5WpZed:dP+l9VpAN8ysaoqT+X1PuEWD5Mw
                                                                                                                                                                                                                                    MD5:209CBF182B7D380AB95F5AD5A094C388
                                                                                                                                                                                                                                    SHA1:06F5753BDC544A96EE1592A622C0CBDD3B6747C8
                                                                                                                                                                                                                                    SHA-256:DF2849431A7F0390AF4BC9F733D5788A08F9798C0094BFB8EFD43FE13C901304
                                                                                                                                                                                                                                    SHA-512:58213C7DDE68EC1D252BCF546C7741D7D631B944FFDF7CA8793435A1666ABFC7B1BF4DB218A670FE225814ED3F570C9934BC144DC8A2D07C58A5E07D61D8D9DC
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):571456
                                                                                                                                                                                                                                    Entropy (8bit):6.085905063671627
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:12288:lPGvPaP+LQEPsDKcbZBBq9u5qIXWlmh56EYAK3:lPGvPaP+UEUDKAZBBq9u5qIXp3YAK3
                                                                                                                                                                                                                                    MD5:06437BA850547B0A309CEA5571D507A9
                                                                                                                                                                                                                                    SHA1:76A7AA481A0E4D1828D957E485F973FE17E5BD5E
                                                                                                                                                                                                                                    SHA-256:780B77013D9BA93CFA4567C059D70DA78A4DDE5DB072F8D89A095898A4A19833
                                                                                                                                                                                                                                    SHA-512:B2F5032407CAD75B9A0D928FD54B5949E08AEE45B7570AC8778C0411C3A832933CA02904A48E3DB4DA1B5E9DADB58E811DC99D381C9C5DAF6D32CD66002BB22F
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):205376
                                                                                                                                                                                                                                    Entropy (8bit):5.881411837733777
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:3072:QaJIZDs+DjmOhk4qNVT/qH9S9NCf928fCe/b8R1GL9yRQrIRrgPcuzkRu6AkxeDw:1eZt9hLW/qH9S9X8KKIVQ2H
                                                                                                                                                                                                                                    MD5:D5E5321EFAA89DD6B66E5EF2494E4798
                                                                                                                                                                                                                                    SHA1:E789AB1051A47E17BF8804F7D6AE55A69E0843F7
                                                                                                                                                                                                                                    SHA-256:A68B291C34ECC7A9E8D272BF65EEB18E1B6E34F2D5D636FEA25B5B421A890EEB
                                                                                                                                                                                                                                    SHA-512:1ECC298713C1DEA3C60A5E5414AFA6F656586916A92EB6CC44A06A8590FC8E634DE7359E66ABAC4C0BAB8BFB39210A15AB40B58D9B5011A9DA7D04254A3064F9
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):352832
                                                                                                                                                                                                                                    Entropy (8bit):6.311113218393635
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:3072:uGpTpwlhoX0sJzBmo4xA6CWGt3C2h60+ht7pQh3EXoPRCMJMhad4aXtOFDciPQ0L:uGpTCcEsxnGy0XA4cMFo0uYJ
                                                                                                                                                                                                                                    MD5:DFA4D7343700AF28E0317678FFCAE72E
                                                                                                                                                                                                                                    SHA1:FBBE30D1B08F9996D95CDE42F61985E65D1E0B79
                                                                                                                                                                                                                                    SHA-256:9AB0EDA9168142D3CE10C0CE92B51C5DC14C39D07CB60F63034198D3E587EFF8
                                                                                                                                                                                                                                    SHA-512:C7750E3F05A2D45D54AC60E6047A2DDDC4E19C792AB52B2D4AD4804A759CCAE89028027587A61B26228AAF2A6A35EDD1EE5D66E0662FF2F8CE1B03BDFBC36E37
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):1458752
                                                                                                                                                                                                                                    Entropy (8bit):5.9738070285643206
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:24576:Vr9EpvhIBROj/zIQ701Cl7IWatS/i5MnoI7mR22U:opvhIEICl7IWatS/yA7OO
                                                                                                                                                                                                                                    MD5:A168E2DC2C43AD560E4C43BA213994AD
                                                                                                                                                                                                                                    SHA1:5D69C680DD0FFAB66B866AA62B1F0D27050DC694
                                                                                                                                                                                                                                    SHA-256:F42DD7E5CDE827F025049CA9E0CBC351621A6BBA7E4C5CA13A031964A28C7B4F
                                                                                                                                                                                                                                    SHA-512:DE7B712E1963A6630DB42A001BD5AC1046B84D6BE0A54B84BA4C2DEB3A8D398C64699D6C2820D84E6085E9082A576A7395F576F7FD15E6C8B78F50C93FC3AF19
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):715328
                                                                                                                                                                                                                                    Entropy (8bit):5.893944936061768
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:12288:HY9Sg0IDfcE17wAQ54Z37PKDRpl8TPnXW//:HPg0IDfN17nQWZ3ERpl7
                                                                                                                                                                                                                                    MD5:F3E4B102B91E3021396A863FCF4787BF
                                                                                                                                                                                                                                    SHA1:D5F6BB7D1521F2ADBD192B50CE3BCF8C4E623BEB
                                                                                                                                                                                                                                    SHA-256:0AFDAF2D200707D739D83BB98842F17DDA7EF725D49DAD982A338AB5336D4FFE
                                                                                                                                                                                                                                    SHA-512:37E33DB7F3618D4D85C8A41026394B960C478B752EDADB506218F1E23482503B1A6F370FCC955A917CC28443A689F8F87A66919D3435C27B319019A915E88590
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):107656
                                                                                                                                                                                                                                    Entropy (8bit):6.3944565805763665
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:1536:8eynBjgOEWldR+fjTiliZ42BJ+0afk9qmFA5PTX/4VAFz:8eagOlr+fvi92BJ/afkoTvcO
                                                                                                                                                                                                                                    MD5:DAEB912CF381D8181FF08798DA57DEC8
                                                                                                                                                                                                                                    SHA1:06D8DE9A85E91A06C74577A4A0351EE267D5B986
                                                                                                                                                                                                                                    SHA-256:435A980CDDFFBDB6DDA514CCDA2F5C0AA2CD9CFA90E78D049DC6261F94604684
                                                                                                                                                                                                                                    SHA-512:26A3F51056B3BBE689EC431A48ED8101637D33142B1659797B20A11C20A8E31454BA044E73A49925A6C27392534B1B53F9E186936BC1D38789253FF950831FF0
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):78360
                                                                                                                                                                                                                                    Entropy (8bit):6.394080250446014
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:1536:NW2kaxfsHfwV39VWc9Da4ECGjB71BPmS4e/sViw8E:NW2kaeQthZgFr+S4e/gL
                                                                                                                                                                                                                                    MD5:5B1110384D8A80F60A9BD781A1C923E1
                                                                                                                                                                                                                                    SHA1:46442EC075512FDB1CE1276BF6A0DA51441156B9
                                                                                                                                                                                                                                    SHA-256:5861DF9135E685B28944E74CF297C16C994847C5372FCFF29BEA969FB1F91391
                                                                                                                                                                                                                                    SHA-512:65D5704914EBC3B305AB6AAA76C16F2F382E95F3F6D7CB8AEB6FF6CCC136035E17767811EC04EDBA2FFD5A5D4918C2C9E26F3D7CCB44D5C7D70A6F6A340CFA25
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):39488
                                                                                                                                                                                                                                    Entropy (8bit):6.722627391467251
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:768:uIQtYGC3C8h+Ii97hcGv9VVzSYkWCTiwfoL/hp:pQtYWSRmFc49TzSYkWE6/hp
                                                                                                                                                                                                                                    MD5:549C52ED536A9C46C11099595928F8C6
                                                                                                                                                                                                                                    SHA1:39281DC642532327A17E49EEF91223E5311FDC54
                                                                                                                                                                                                                                    SHA-256:3B9A083CE30D8C3F4BE805DC2FE0B68A70A3391C0F215A04132A5D9F3FB2BA4C
                                                                                                                                                                                                                                    SHA-512:618CD4874546C2EE60703C0FAB23541508987DB362056B2013C6D6D59EFE80CC575BF19B9E337E5B48AC6354660B901A266F7659FE2CE92D67F8E9728AA55A93
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):41096
                                                                                                                                                                                                                                    Entropy (8bit):6.646067149653031
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:768:80TMW+ELun3Uiv/MpKU8Ytp+72pVyAzViAL0hM:NwW+trDYtpE2pVHzVH0hM
                                                                                                                                                                                                                                    MD5:26C8A5C96C70A8028BF0E6F375EDDA27
                                                                                                                                                                                                                                    SHA1:7046FADAA60C9BBC76F3A2618ACE74DA132A722F
                                                                                                                                                                                                                                    SHA-256:28F218EE90460BC446C8634DD5151D9BD3B1466F2AE18F3D11AD9108179CBD14
                                                                                                                                                                                                                                    SHA-512:CE558CAF7FD5EA081D1D6812BBA0C0014C885748D9AEEA3C84BA4A318C9D69AFF259CD0B46C0F47333D0E7FCAA23AADC395A4A940D086F40A06F8E64116F6B6C
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):85528
                                                                                                                                                                                                                                    Entropy (8bit):6.279983353640965
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:1536:b9CqTQcae1n5gIiMe9VHT0xpSwA0yulsYu3gTSA1x7oVlVf2:bnTTpVre9VHT0KwA0yulsjO1pM2
                                                                                                                                                                                                                                    MD5:26195EA5035752EAB5FFB33BA2671BCD
                                                                                                                                                                                                                                    SHA1:CF3285616C63DECE6BBF260F05E0A1E103A18F33
                                                                                                                                                                                                                                    SHA-256:11C005F9E10C3E5C82F9D45CD54CD28F3B15D2EE8C3429B2692019A443299806
                                                                                                                                                                                                                                    SHA-512:60FC66B3CE3A4572AD674733BDAF059E326B61B2A78C0AEF594579F2AB7346EDBE529F8FA8E34B89874476663A32F2581BF05D1C973F73C615D0FB75F82119A3
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):36416
                                                                                                                                                                                                                                    Entropy (8bit):6.768090526826925
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:384:sHA6/xAkImuQQacw4lVJspem69Prp/XliZvEPZlW+0QWDkimuT+quY0GftpBjqMp:s9km3Qcuspe7sZvUIxCTif1hKLPIHEk
                                                                                                                                                                                                                                    MD5:65BA4A160BB0FE6E3182CF94F21CC41E
                                                                                                                                                                                                                                    SHA1:15801AB9DDB5F98829B3191210A0F9B6CE1FA0F6
                                                                                                                                                                                                                                    SHA-256:A849A7A95E3B74CEC59316F5BBDC5EA733D5D84AD2EA0AA62E5441518EF6140B
                                                                                                                                                                                                                                    SHA-512:AA0C50720CBDAC3359D950F619467BCF0D079DBEF9BDDCCF50043CB0611CCC97FA79573B8D570E7DD8D0587082464E84878F6D0DD2C3022867ABDF90966B954C
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):38976
                                                                                                                                                                                                                                    Entropy (8bit):6.605689996690437
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:768:p7Yf173GQ1QSIdPzGMaCKsisCTikOLX0gK:KDIdrGMaqJEQX0l
                                                                                                                                                                                                                                    MD5:61D02B2AD414DEF7E16F5576AAEE56BA
                                                                                                                                                                                                                                    SHA1:CEADC6BC06C671E2E1EFABE02C90F443EA1BF438
                                                                                                                                                                                                                                    SHA-256:0AD2D027C8118D3BA6C151EF9877D77C03DBD231FF0034CB70D2B1DD3D5BF157
                                                                                                                                                                                                                                    SHA-512:BE8AABD2DB978829A813BF7344D6947C8446667E3B8BC23C61D294BAC1528D5C75F710480B8B5CAB32087672AD8FE1774FB1E65AD170F97F7BF127605973601E
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):263736
                                                                                                                                                                                                                                    Entropy (8bit):6.201351230978904
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:3072:zXMC+B1EUM+H2Ymvb45EhCfplCIWSVGbJozMKSPPj/RlgSqHDqv+oLAItbBe2bDN:g7B1EUiYmvT+c9Rlrq6Q2bD3TVS8
                                                                                                                                                                                                                                    MD5:5690C3F1EFFD59FAEF37DDFB2FB7C9D0
                                                                                                                                                                                                                                    SHA1:47EF4CBB4378D7B7E5904C81E8BC2CBCFF7E2B21
                                                                                                                                                                                                                                    SHA-256:C1778107B12E2DCC9516AFA98C7BDE3A14E608D3E27FBBA935D146E5C039C0FF
                                                                                                                                                                                                                                    SHA-512:E2C437DED62DFF6C7032A0DC7278DA74384C916DCE7902528AC0EB805DB0BCE5A87D2D98A8F3B33251AC837B4231329BC1B6B735AFA172E7D7DFEF5A92970D31
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):120968
                                                                                                                                                                                                                                    Entropy (8bit):6.0278005161775665
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:3072:WAcoy1FB3AoVtez1bjBObioluKmn+FopiVrWiPCBMSx4:goy/B3sh8NVFopiVrWSD
                                                                                                                                                                                                                                    MD5:347C6D5266CEFAE40F06B98E6A48EBB8
                                                                                                                                                                                                                                    SHA1:7DF84E80405ABEA8F25E068846FC9FDEC9FA9DCE
                                                                                                                                                                                                                                    SHA-256:DC58AA52270E41FCAF777E4CDA1BF0895A5E2A677BFEF883170AEA843A6B4026
                                                                                                                                                                                                                                    SHA-512:8C441CF8D3120810D620CD885461FDA5DF36FBDF504A65CEE78F5DDA0663F0CEF4552FC8470A2DAB9385A166024667809AD8ECB67D3696004A282C80D6863316
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):37440
                                                                                                                                                                                                                                    Entropy (8bit):6.67664934313354
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:768:tbzZvTpKNO3AqUrz64QVpkFsCTi2LAhnfsl:51dKE3AqUf64t2E1Ah2
                                                                                                                                                                                                                                    MD5:D77682EB6F4790BCB077916A057C71E5
                                                                                                                                                                                                                                    SHA1:2FA8C47686C4FE7092A7319797467E6C5CED5625
                                                                                                                                                                                                                                    SHA-256:C37F7F4F2AB6176644D96C029A9CFBB88BCD37413A30F89127AF2F1BB23C1D77
                                                                                                                                                                                                                                    SHA-512:A080694FFB50FA0E2660A08658E16CFFE3E489C6C95D8F213F1B30A0A8D8DF7948CF842684CDAC6498D41C9341B60B577301D382BC41AD8F2D54BEEA9EEC3FAA
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):35392
                                                                                                                                                                                                                                    Entropy (8bit):6.720551211982192
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:384:fy7uPx5oj+V0KStOLPZehCVrC2W40pWjSOmuT+quY0GftpBjlXFBaQHRN7AzlUKY:aCZ5oS0KSwrJVrSJOCTi/LX5YQ
                                                                                                                                                                                                                                    MD5:42C8DFE0ED1CF84869C9AB6C831E1763
                                                                                                                                                                                                                                    SHA1:16187C62E4D3C60EB1BE5BDD6D9E8AEB8DE3A758
                                                                                                                                                                                                                                    SHA-256:31052D2E5D7604CE5DE95715D64D52B096178705C90A904CD843A9549A94735F
                                                                                                                                                                                                                                    SHA-512:354D9FB1CC93A45C0FFB07AA34544FC656F43E8D1AB896871B0F135760C993E05A9D56F6A0AFF09508FB2F2D00EB5DCE518265617B8D66B78D5251452972FBF6
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):50824
                                                                                                                                                                                                                                    Entropy (8bit):6.517664486169574
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:768:jzo/fBgdphoFEan85ELsQt3UX4Zci6Z4H+21DViNlLesz:j+Jg0pgCeIB6Z4e21DVyesz
                                                                                                                                                                                                                                    MD5:7F69843D9E92DCF674DB9DBA76D0329F
                                                                                                                                                                                                                                    SHA1:9D9BEBB449D511883FBD3E869AE8B54E343F8E4D
                                                                                                                                                                                                                                    SHA-256:1E294691284D440605C857E1739EE262E34F8953C48E880BD20255139425AA46
                                                                                                                                                                                                                                    SHA-512:5B0F4286153EDE2883E234CB6195E978B8977512975B62C04829EC07CA7F9C46CCA32D99917936D6F0DFA636FBC5EDA462F8E169D6CB5910EC10BE94A2C88A25
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):107072
                                                                                                                                                                                                                                    Entropy (8bit):6.195024188011047
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:1536:6Nz4avtEwoV9WiiuFrhVhEFqdjQLf1dZlGr0bnjFECv:slEpV9nhEQdif7Zl60bnjqi
                                                                                                                                                                                                                                    MD5:F8E8043D0A9446D561F7D041CBBFE3F0
                                                                                                                                                                                                                                    SHA1:D8B14E4EF41E640FC2865DEFB9FD25CD7A759E6E
                                                                                                                                                                                                                                    SHA-256:C56953A8BDDDC801092BDBE3B1B751AEEBA4592701F005DFCB220B30C6ECA757
                                                                                                                                                                                                                                    SHA-512:A44FA5896199F1E3E5CF949E5310807521306342A2557CD85DCC4E3187406A880EA699B40E2FF7FFB47115888E62F4B74668A02BBBAE97686D1E69C461963C4F
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):222272
                                                                                                                                                                                                                                    Entropy (8bit):5.950939596019036
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:3072:yliyJz+XAr8tWQXuwat8/tECzMQIvXYrh2UyyI1I5O/g0WMC/riqbcyC+:MJz+X/g3e/tEmoXsh5PDiq8+
                                                                                                                                                                                                                                    MD5:9DA01E432119292F7DA136EE28834322
                                                                                                                                                                                                                                    SHA1:80A6CB1F6E2BE7B5396CD73142A80D14F880FE92
                                                                                                                                                                                                                                    SHA-256:22BC04824C7509986696309B9B6C39FA250C1B8A51658B4EF954BF8BCB4647BB
                                                                                                                                                                                                                                    SHA-512:F36E173F83EF93DEDC11EACB95D88AC8479A7851D7651FF90D60AB1E0D4FBE8739685A62310AB772880CB2DF2CCE34FB49C9F8744300EE806A5DA36DE1068545
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):787008
                                                                                                                                                                                                                                    Entropy (8bit):6.051616901057785
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:12288:HUpJPWTNhXOJpCPZ4RIS1aoRXt/zeDg0m1wh:HCJfXGZ4RrIoRXt/zqh
                                                                                                                                                                                                                                    MD5:3FB575B413F25503284832BD8E2A250B
                                                                                                                                                                                                                                    SHA1:A411B2DC61544FA549511C115D894598D72205CF
                                                                                                                                                                                                                                    SHA-256:0F758DA70B0579AF84E3291838F00A4241C60DD2CA22E895E2A904A81E9466E9
                                                                                                                                                                                                                                    SHA-512:FFC88A1DF7D2CC676F65CEC83EB54EDE6A084DEF78D67211D3D935EC20573FDC9E4415C19720D3FB0B6E7E1D9CBDAD598286E3E5DEBFD09B1F1079543D6A7576
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):48776
                                                                                                                                                                                                                                    Entropy (8bit):6.529266780331124
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:768:69/XS9lNdW9wpHEp5ns7qYkWUflDVixtLQO:gXelNdh1SnMY7dDVANT
                                                                                                                                                                                                                                    MD5:B6795C5E9A42F74062B79E3F4BA13894
                                                                                                                                                                                                                                    SHA1:CEBE220344698B81D0F8686FCCCF4B907C65BF8A
                                                                                                                                                                                                                                    SHA-256:F4953464452048FC8FA42C6A1979343710129DF1FFC29ADDD5D5681A253AE7BE
                                                                                                                                                                                                                                    SHA-512:5E318ACA887E0C19BEDABE7564CF6359141C3DA55D2D2640AB993A809C2E1AF3EBFDA127C1A6C3EC084D89A956B09F8617A55301049B55B4D03FC74E7DECEC0A
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):47752
                                                                                                                                                                                                                                    Entropy (8bit):6.394324597402815
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:768:2hB+PdGl7/Tz13l5G1hacr10KnFo08zVid2eLZ9p:2L+PdE/Tz13l52n0KnW7ViTB
                                                                                                                                                                                                                                    MD5:02BE6ABCA9829CA11D17922EB22954FB
                                                                                                                                                                                                                                    SHA1:4AF38A51A315A81B8F3DA7F55449E8C216DE14E9
                                                                                                                                                                                                                                    SHA-256:2C84B5692AE488E89AF02F4A10718FE8C7CDA6F52451B6E891EDD5964936B483
                                                                                                                                                                                                                                    SHA-512:D1E4C23D127A84579698A3729EE87753E82360D5E793F567E19866F395F2E6858B00ED9B913AC931022A5EBB3DCE2712F9E812C5F73ABCA3B7ACE6E00AEAAABA
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):1187904
                                                                                                                                                                                                                                    Entropy (8bit):5.732319341615016
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:12288:hUfo0b16v24oGRi4ir9E2Nvck/YhPGjPW/Wu9:8fb1m24mr9vvck/Yh+jPnu9
                                                                                                                                                                                                                                    MD5:1355F79C819345E46E278C9CE39C351A
                                                                                                                                                                                                                                    SHA1:9F9796AC22EB63B7F5DE95EAE710359A8D79FF01
                                                                                                                                                                                                                                    SHA-256:CD9619F0D7C6E4E2FF7316B0E10E03A7BC1501D9EF3EEB90930BB68BB5918457
                                                                                                                                                                                                                                    SHA-512:87A321AF207D48C05E27A414ABA2612C3D7D08463C08CB6366B646E407BF36FA95EB537331B48CBBBFFA112CE276138AA83CF01368431CE1E210CC397B5982F6
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):58504
                                                                                                                                                                                                                                    Entropy (8bit):6.407982340338087
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:768:EIsiuCmYckqqFpYZX4BOA4b4f+7+npeBfViG7y0LM+F:giu9qLJBOqf+7EQNVZM+F
                                                                                                                                                                                                                                    MD5:031BC3564ACDEC14DF598ED859288E3B
                                                                                                                                                                                                                                    SHA1:24D0F2195BF44118E545626EB4B298A4607F9325
                                                                                                                                                                                                                                    SHA-256:1CDF7948ECC23BBEBAE960680622C133B0F61E17789B3F578D913B9C11455780
                                                                                                                                                                                                                                    SHA-512:E919575C41CF4DF741CDE2559BF632D56AA6DBCC7B0A7D3D11C456D7F35C7C9D2A1A70F5E865538AB9409544F248FC36ABC664C813F1AB0FFBDDF05D2DD9F926
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):339080
                                                                                                                                                                                                                                    Entropy (8bit):6.222400586120575
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:6144:tZ4887vmMt7cmPYAp/fWYAro0W2l5ilC+0i:F87XFbAroZtb
                                                                                                                                                                                                                                    MD5:4299D1FC7C22459230263A65D95EB901
                                                                                                                                                                                                                                    SHA1:D4EC262587CD930018C4D2828CEAA442F2D3114F
                                                                                                                                                                                                                                    SHA-256:795920B6EDB4BD81781BDBAAE3BF10BB5853E3C21AEF945FC89E78A44923482A
                                                                                                                                                                                                                                    SHA-512:457EEA31CC679ABF191CE6EA068B81C5CA1BA7E295BD4CD6ACFEB1683A4C2819858D1527045F97F649058A643999D91CACA3596A0776449A80BD2E7E06BE2EAA
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):1119288
                                                                                                                                                                                                                                    Entropy (8bit):5.823971141321838
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:12288:hp7cxdFj8xMG7Zgn8/tZpO12XYdMFl1Vq6YZZThYoNdCl86lkuFJ0dmc:H7k7jsZZprl1VqPZFhYoWq6lku4mc
                                                                                                                                                                                                                                    MD5:664ACABA98EF985FFCBF3B2741FEDF63
                                                                                                                                                                                                                                    SHA1:8D3AA711329CAEC0E9FE0981E54990BFECBBE77D
                                                                                                                                                                                                                                    SHA-256:6FCADE4F9CF1A51B42677CCF7D291A82F0BEF6E190A0AA7B44C7FFB85A305004
                                                                                                                                                                                                                                    SHA-512:843BB614C052EADC4A77296181E932D2E9F28A435041D81A5E974DAE0A0881808F6EE7B04C5093E9F5C3E0AF2A92919CA1559FE0E9CE8305A60904EDCDD398F9
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):47240
                                                                                                                                                                                                                                    Entropy (8bit):6.38130382312995
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:768:BJ3/0Bnvwe/nbQjHrQyrHL7q1emjSmQ/yVijtLFOZ:BCBnvweOHrQuHL7q1eCSmQ/yV8IZ
                                                                                                                                                                                                                                    MD5:2B84B880727880BA5AC4B32BCCDD0EDF
                                                                                                                                                                                                                                    SHA1:41BDE21981DDF86D58CCAA53DB216B2BED449EE6
                                                                                                                                                                                                                                    SHA-256:4EBD86002582E235BC723911282B3C20A75169D60237E96264CFBA850C261FA9
                                                                                                                                                                                                                                    SHA-512:78AC2FC0B6D12479D774D19C06E442F86D880540B8D5FC7D1083780428705D2A79BF301E94E993709369186B0F52152584B32EA0E7D1173029AD562F76CFD968
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):271824
                                                                                                                                                                                                                                    Entropy (8bit):5.692045866746125
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:3072:xg2wv9vo0FIToLqEXVGeM6u1tcproiSQi2dzVCGjHKXKd6cq8GsB/Fe4G7YzAvhp:ip9tSoLq6V1qF+Wpsq1mwh
                                                                                                                                                                                                                                    MD5:E517B3A4C19E05D4A673EBF761A290A5
                                                                                                                                                                                                                                    SHA1:A266215D45C23951D34D819E21EA33805DE08358
                                                                                                                                                                                                                                    SHA-256:EB396DFDFBF9044F3F367E29E9826897BF348110F0DC148E07F63D86DE617798
                                                                                                                                                                                                                                    SHA-512:9D3B32BD64289ED6FD9AF76C9B7F687E2D8AC891071E903E86F4C089BFF4A004F8B6E57588DD7AE47DF5B9C84016DFF1B5E7DBBCEAB861A57894E04F855370FA
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):93760
                                                                                                                                                                                                                                    Entropy (8bit):6.277676954097736
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:1536:owCEPfl3yaGxy4XwjHTQ/TuO7WPpK9J3YR4lGfzH2fglLAZsHE9c:aK9BaSHR8Wku
                                                                                                                                                                                                                                    MD5:0CCBE505D97369701D4AF52DB0DD6B0F
                                                                                                                                                                                                                                    SHA1:139406D094F7081C1738F6142C2673BDCC31531B
                                                                                                                                                                                                                                    SHA-256:649B31AA3146CFD35B321DA1FDFC55361B11849D1FF244303B473264384BFD81
                                                                                                                                                                                                                                    SHA-512:0DA47473A2CBD75E393D38E2F5DFD87F87AFB71ACF1E0CE84F03E8A758ADF9C76A3E5138A087F7AC96C3796FB67FC17EB22DE91E19B133A57A287D3076D99FAC
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):109704
                                                                                                                                                                                                                                    Entropy (8bit):6.3277319963508925
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:1536:h7y2QqQyQuQkQKQ7QmQBQHQtQ5QwQR5PeX9n+itIkPFNnGvtx4KgX/Oc6w+M2JhA:hYd15v9sByw26jR5ywZGWum4wJRy
                                                                                                                                                                                                                                    MD5:ECBAD25026AF8D5E0B60EC435EB444C4
                                                                                                                                                                                                                                    SHA1:0DD86F8A6F2BDB02B5EDF685A7F6EB1293B46B5E
                                                                                                                                                                                                                                    SHA-256:9298BA17EAE4B65C3BEF6AEF94B24282349C720E8A654B2B01ABD6E2A7AD69CE
                                                                                                                                                                                                                                    SHA-512:4B555FFC7D1EFB4C67DA00442D212580D82EFAFF92B7DFB5C8C3385D34FC1A8BE64E884290BCBC3B27E89B9AD33CCFAE60EDF996E8E2B8242B9644F1AC83232F
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):26760
                                                                                                                                                                                                                                    Entropy (8bit):6.772606462369168
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:384:fjxg7+p/EJI4YjclPZo9WjEeW6R4Xm0GftpBjBmaQHRN7delt1yXg5:fNgqp/qhSJk4XVizmLd9Xk
                                                                                                                                                                                                                                    MD5:6F85CC1B34ADE442BA3689D5E6F44614
                                                                                                                                                                                                                                    SHA1:3DF5069E89D258DED600674F9FCF434D888327E6
                                                                                                                                                                                                                                    SHA-256:2DA1F46A066F91CC12048494283A28287361853D7718E5F0702FEDFB5AE335C5
                                                                                                                                                                                                                                    SHA-512:F59B7F9BB4F01C5192457B7C97EDAEB482CA94C2F9B11D901291F92B15A5BFFC5F71E4BEA296123C3BDA849D5BB9E9B73ADB7193524DCEDD8E98BD0620232790
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):72256
                                                                                                                                                                                                                                    Entropy (8bit):6.290906952531324
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:1536:6teAu2JRqXLACM//uVL+4wOfQopESwc932hJ5JHEuBm/sh:veewOfQopESwc932hJ5JkuBwG
                                                                                                                                                                                                                                    MD5:581E5FB6212A08A240C0997B20E56155
                                                                                                                                                                                                                                    SHA1:BF263C84E423642CCD5D3BA617F8DFE72B671427
                                                                                                                                                                                                                                    SHA-256:A99618E7D02D7F8192837877143F315D68660692AC154012DD6BF15D3C38283A
                                                                                                                                                                                                                                    SHA-512:A3A7025774BAB6761844D147F4FF49E2ACECA8FA24690597B0CD2FEE9B1F12D29757A077C2FA8A62DC7C74FA038DFF9BB5517FAE433260E3EFA8977B4442BDD6
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):564288
                                                                                                                                                                                                                                    Entropy (8bit):6.013823028326823
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:6144:uwqllHfqYb2IVuTdQqIMVeczyUbNCBJjq4YVN8wJSg2xH5jDPOSFmctE7dJFT:ufX2HTd31HMBJjE7y5jDP64E7df
                                                                                                                                                                                                                                    MD5:48794911E94A553CA44DEE7C5FBBFCF0
                                                                                                                                                                                                                                    SHA1:3285C77917654BBB4E2330CBC153EF65A23927E1
                                                                                                                                                                                                                                    SHA-256:AF7AD836686392CD0BAE252C45FEF61C60798DC4DF2023E6D408C4D812EBC62D
                                                                                                                                                                                                                                    SHA-512:078D4A1667F701B9AE6AFC1424951BC76F47F6460BBA9A718D808386FDE4B729527BB0F8DB371471CEDC08C9C52C4ADCBC3A31C5DFC5FE3E96582C991F9A019F
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):579136
                                                                                                                                                                                                                                    Entropy (8bit):5.812962285396966
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:6144:lxQ8z7QyfS/K7AYsse8DNAOmLe27h+KQt0DrZs:jZBd8eih+Kg6u
                                                                                                                                                                                                                                    MD5:8175A82583FDB7B7DE6425FF479B4FF6
                                                                                                                                                                                                                                    SHA1:C9F53B9CADC35EC5C197C6873CA7D2E2F1E19F95
                                                                                                                                                                                                                                    SHA-256:59811A17F4DB17BA0BA3E6D6FBACB44FDFE7E538B92A9A8A4479FB7354F963EE
                                                                                                                                                                                                                                    SHA-512:822BDE3E3D418AAD3F6B7E9DFB78FAD9138665737387A983698FF0991AE211F84A7A2D71495C02B48A14A3F15A751742B866A81D769FBE192C4D010D3E5F9A5A
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):128576
                                                                                                                                                                                                                                    Entropy (8bit):5.989562681932041
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:1536:3BklptUe28b7btipePvWq4ZZCkI00v+mKVamSEhMhlVtjLv5Db8ERqHB:3Bkpt9bticOhCvvu8mSEhM3jLv5ffCB
                                                                                                                                                                                                                                    MD5:066532B3AFD0243AC45218A23E2F930D
                                                                                                                                                                                                                                    SHA1:DAA010534BC2CB6C1A215A30928C071C83E2AEC8
                                                                                                                                                                                                                                    SHA-256:E0315FA06DC9BFC657C827912E4C38846E10C6AB9E0411A22D8773F4FAA8F09F
                                                                                                                                                                                                                                    SHA-512:161AF4E138E3DC4782B38056D7E28D98FBF1C8184E335417A7CBE5EED77AA8935804CBC63B8E8E505B8639792BD6CF056AF4DB6DB3EEF5B52312AEEB6FB137E0
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):194184
                                                                                                                                                                                                                                    Entropy (8bit):6.306082892307685
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:3072:fyjY8KtscAj9c99RQL4jrdnuzhDG8wf7moZXf2SiWh6XSxzHAU:ft8KtscAjq99RX0zhG/jRXB9
                                                                                                                                                                                                                                    MD5:530D50B43CB770B90C5A55BF32FB06C6
                                                                                                                                                                                                                                    SHA1:92E7DAA3E19E416E45D5D45A74F1D4CADAF936B1
                                                                                                                                                                                                                                    SHA-256:FF94D60C41DB73903D6922ACAD93353750AA16F7A551523B1CDBD86B4A2F0C75
                                                                                                                                                                                                                                    SHA-512:81B501AA306B284B5B6C911B6821B47DA5C8543E95C3AD72B75DFF64DA1E7BD6293B1DA7FCAF02722316EA1FECE1664D7F2C92CB8EF29C30E9B3E8BBA9DB6FF7
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):355304
                                                                                                                                                                                                                                    Entropy (8bit):6.386999530521627
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:6144:AkV61eAcnTC3f6aZqNTstFOEtCmIQHas9PAy3suEbi:AM61cW3f6s3Ioas94y3suIi
                                                                                                                                                                                                                                    MD5:46739F1C6EA2B024884E13009ABFB971
                                                                                                                                                                                                                                    SHA1:513F8BCB441AFD463E8E8F77959996BECBEFD719
                                                                                                                                                                                                                                    SHA-256:48D39EF323195D962DFE5101E23E803365D993EA6874895DC60D78FC03ACDEA4
                                                                                                                                                                                                                                    SHA-512:066941D654B0F957866AB1DC1775597DEC7B5E10F643ACD2E8E0A1A55154217D8036B3890331BFCAE18188BEDC9C79FA340F32FE147CE7257A206B6511BB868C
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):294864
                                                                                                                                                                                                                                    Entropy (8bit):6.286743570274105
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:6144:00TiiKhWjvqr22qQQM6V0qMpRbdluI5bZVYouoZgSYIbTBPyRr:0W0WjORLy0npRbdluI5bZyougTEJ
                                                                                                                                                                                                                                    MD5:9B11C24219E4DD30CC03E5A50B91B7AC
                                                                                                                                                                                                                                    SHA1:92FF28FA900B2A3396B80D4881CF7A20B9BAFF70
                                                                                                                                                                                                                                    SHA-256:60D8D639BBC6F3CFFCB1034B3EBEE153C9066DEAC994956FBAD753848C4EF2BE
                                                                                                                                                                                                                                    SHA-512:336C7355714076366C6D69F0CB2F999191E279CA374C25830A5FB503BDDC936B0D6C8DC4F9494A93AA9C44C91F66D5D5C7FCDE97365E6009F1AEFC76AD0C621D
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):495680
                                                                                                                                                                                                                                    Entropy (8bit):5.932656248665742
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:6144:FOSTJ13AFqzMGLGkDLrXXA6hsKOeTLnZLQA7G7+6onT+QTtnxtUB:oSV1qqwWfiyLnCebNSst8
                                                                                                                                                                                                                                    MD5:D14BE3E5B969493CD76656B5A3FD93C5
                                                                                                                                                                                                                                    SHA1:D51CB62BD0B34BA0297D44C6D123E858417E3D7E
                                                                                                                                                                                                                                    SHA-256:8FE93A61407C913596BE528E80AFCCC080B156E02460CF2EEEC21A1A356E59D1
                                                                                                                                                                                                                                    SHA-512:49BB6CAB86713B5AA0C2A80905A61CF06AEE092B93D381394ECF12DA0A7B2ABDAE17CB29F83FB64116B89CBB752B0BC799F952792B9DE65763459B920BEB46D5
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):1569856
                                                                                                                                                                                                                                    Entropy (8bit):5.979444654439174
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:24576:/AIBxsHU+r5tZO0aJTJmGAspkTeE0IqbCGfKCzY342cC:/hF+iAspkTeE0Iqk42cC
                                                                                                                                                                                                                                    MD5:5DA186BD5F371EAC941E742FE880C469
                                                                                                                                                                                                                                    SHA1:6DE4AEF6A67E4D0CDAE137C3B8DC4640309E63D1
                                                                                                                                                                                                                                    SHA-256:5E27C7A67D32B5FA69FC1AD79A7EC9C26F9F8349EB165121B5DB79BCE55A28CF
                                                                                                                                                                                                                                    SHA-512:51518748C7E0DDC3590C0AB1FCB72AF67D6B1FF1D8D356A98D9C55538BAEB8F175948EBC8E0DD4C7BB2EADA73C8ADF66C0B4D358E222092C6433E155BDBE32F4
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):29720
                                                                                                                                                                                                                                    Entropy (8bit):6.307789424938262
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:768:nG455S6Wbbbirz/Mt+nWq1XRlOFLIECvvgQk:G4HSnverDMt+nj1XjOlItndk
                                                                                                                                                                                                                                    MD5:2049EFD8771FA543823D4692AD45B462
                                                                                                                                                                                                                                    SHA1:2608CB8DB9BA91F169D0106C844FF51CE38CEE60
                                                                                                                                                                                                                                    SHA-256:4670907E3E5FDCA3CAB8BBC4F825582E391A7D6CA33B920F65FC6E06FBB42270
                                                                                                                                                                                                                                    SHA-512:7302730F15AB6AC8ED09D817ACC8D8173E369DB2665739C8EF1E7BD119BD7D9495DE0821AA336C0A03516983DD00B4061E1583D043F8BC0020915D1F5652CD1E
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):81600
                                                                                                                                                                                                                                    Entropy (8bit):5.9031039927370355
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:1536:ixBfwgGqstmPkNu6TpM9Puk2RFiAq3CXLL7PXD7l:KwlmPou6hdq3ALL7PXt
                                                                                                                                                                                                                                    MD5:6AD7D1E92C9833F4BDDE6A4BC84F2E1A
                                                                                                                                                                                                                                    SHA1:B38D23B6A960F5F07664565835137FE3C8FDB7ED
                                                                                                                                                                                                                                    SHA-256:13DCF5066E00152238191314D4A46605204FFABDBB830BDD0C97DF3027D1261D
                                                                                                                                                                                                                                    SHA-512:01C4ECC46576618394FBBEE701F5A726F97D31FB39D5F1C6305D21CA7AD0B0ABC09B69FB733C42D4D1203FCE78DD3F3D5129C21EA0BC9B92D0AB3A7BF09C006C
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):546768
                                                                                                                                                                                                                                    Entropy (8bit):5.858088213820163
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:6144:ZRAFnp++R1yj124hKX97kANqQHlWBwn9dgPan1W86b8c3v6n9c6KwZErn+LYHtAj:PApI2D97kANVFWBwn9iPIL9Mwhv
                                                                                                                                                                                                                                    MD5:5659F886E3C9A608239DF2840732842C
                                                                                                                                                                                                                                    SHA1:66D455C5D672A3BA8588FDCDDFB2A372210E5A9D
                                                                                                                                                                                                                                    SHA-256:41FC3AD7B22184B2AB389444BEA83D12D6C47F409CC1983525A9300A0EBD702F
                                                                                                                                                                                                                                    SHA-512:0EAFA42F3B5097E5DF152062DA85488D5A470E31815AEC5CC6224AE9A79517EEFA27A8400951EA6F362633F09808C7F6903DCAFCBAFEE21F8C938A4826FFB182
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):102864
                                                                                                                                                                                                                                    Entropy (8bit):6.007951385612866
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:3072:KWY7DyymCR1CfNXaxGIA/JwzFliTiFhi6kQ:RY7DyymCjQXaxGKyS
                                                                                                                                                                                                                                    MD5:0A789A343FC810017043542609F1B47C
                                                                                                                                                                                                                                    SHA1:9734559972D182D64BDE978C8306B246F60BD53E
                                                                                                                                                                                                                                    SHA-256:F687E56E69B5DAD620B18D68ECADEC2C2A337A4143C5713F9BE0C50A081D0248
                                                                                                                                                                                                                                    SHA-512:DB6DCEF599CCE532F3F054342344362011AEC63E02370B01C3D15E2C169D6BF706C789238EEFA7B16EC2D3A461978018615669EB28FE1E88E59667584E46446A
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):49616
                                                                                                                                                                                                                                    Entropy (8bit):5.941329060638716
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:1536:IMNvhX8qyNsCCn+VubEddnbta0iKIijpyHFe7Tf:ZvN8LC+wbOhQijpyHFevf
                                                                                                                                                                                                                                    MD5:2F4F4A1C09C436CBE30735F9ADCD2413
                                                                                                                                                                                                                                    SHA1:383D1A1F0547E4201699B3AB258D35664903EAF8
                                                                                                                                                                                                                                    SHA-256:20058E0357111DC49F57B20513F9F64D42C2E99E881440F594B67F3EDC58431D
                                                                                                                                                                                                                                    SHA-512:6E0B007F63FC0D75FB80A45E67B7C6CAB74790E1BFF3DD84935ECEE3B5300772BFC2A6F0B64EDE05FC47D6AB4D68D71DAD721C50F323CAF6581559B029B3BF5C
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):86480
                                                                                                                                                                                                                                    Entropy (8bit):6.177992206484823
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:1536:5zCkYN8TKFHgOza9nTO3bqD6nPJ8cMPKzxYX0z7v:5m/HgOITobO6PeSzxYX0zj
                                                                                                                                                                                                                                    MD5:A9AC01BE35AC80F52B9D5E2997E8CCC3
                                                                                                                                                                                                                                    SHA1:3377576F96E71BAAD68547EEEDA9E2655EA8A837
                                                                                                                                                                                                                                    SHA-256:22DD83C5C4981C74FAD754671E571F212221EE7689A3DA75C4D436AAD819DBAB
                                                                                                                                                                                                                                    SHA-512:DA1BB405633745BF4114246800A10DE59C214187FBB2D5EE4ECF692978C3000E832172D2DF2663264EE22953E2121A107805F0D75DB708D224D1375F1C717A33
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):28112
                                                                                                                                                                                                                                    Entropy (8bit):6.051013349306778
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:384:IaR6nqAWLpXRbaZ842hiQgnzBNHo2RGFZMzEbSjrBMkR7brppw4IYiNi:IaH3hba+4iijVNHpGT63rppqYiI
                                                                                                                                                                                                                                    MD5:F11714BB0919AA8235BD6155DDC4A23E
                                                                                                                                                                                                                                    SHA1:C592C25BA2C0582BCAEFACDC3F387121AB05E138
                                                                                                                                                                                                                                    SHA-256:C4C0BF0A392CE448C9B1BBA66D65F56CC453C27063B884E5A45213A1DA3683E2
                                                                                                                                                                                                                                    SHA-512:BA95B8C6A4639912A46F45186289645045B61888686E864A9497CD3C539EFEBD1AB26BD741829328687CA565C08BBF09DDFC562EAC3BF13CD9BDEB95BD6A2010
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):285136
                                                                                                                                                                                                                                    Entropy (8bit):6.216324168906875
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:6144:TaUU67x2AE6gaSTYUs8Nr/gaGGv8+iGKdJDkP0bAZu:xiG8Nr/vv8+O3
                                                                                                                                                                                                                                    MD5:E33AA0271668ECDDB48A0B7E57471789
                                                                                                                                                                                                                                    SHA1:9AE8EB63A28A51A3EECC9467E600A6380628B9BE
                                                                                                                                                                                                                                    SHA-256:B56027EFDEA3B88E0F9144BBCAD206044E3B17D87243D8E3237B74D790323610
                                                                                                                                                                                                                                    SHA-512:5EF33FC1D6284D2853AFB6AB4E81A4CA367020F8FA47DA6E901D15AEEFD1073D4DAD251DC4E019A4F3431647B0D5120A0368BCC1C3DA5A2D6709BD1B1CBDB5C5
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):63952
                                                                                                                                                                                                                                    Entropy (8bit):6.004636166641011
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:768:T1QMFjcjCnu3EUpGmGJ2ouXfbd38eAfHspGy2D49qZZRNi7sY028nY84AlzpPwY/:6zZG/luXZ3aM74Hu87zBw7Y
                                                                                                                                                                                                                                    MD5:17BEE33785175A8F98B2B1DC2D73B039
                                                                                                                                                                                                                                    SHA1:ADAD5D44557AF8817C1DF1A44B60E498EF75442F
                                                                                                                                                                                                                                    SHA-256:3A7F3B4BF676BA5306F29508710A2ED81ED473D03786DC3228C886E09A55FB78
                                                                                                                                                                                                                                    SHA-512:275D628BEAB68CDCFFB0CA5D265D5403592B332533441308BCF1C0BD74817D688891A0FDB340A899A84C2ACC97537B307397456CF60D921E326B2E5603AD2E2F
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):711952
                                                                                                                                                                                                                                    Entropy (8bit):5.967185619483575
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:12288:GBja5bBvR8Q0TE2HB0WLmvXbsVG1Gw03RzxNHgKhwFBkjSHXP36RMGy1NqTUO:GBjk38WuBcAbwoA/BkjSHXP36RMG/
                                                                                                                                                                                                                                    MD5:195FFB7167DB3219B217C4FD439EEDD6
                                                                                                                                                                                                                                    SHA1:1E76E6099570EDE620B76ED47CF8D03A936D49F8
                                                                                                                                                                                                                                    SHA-256:E1E27AF7B07EEEDF5CE71A9255F0422816A6FC5849A483C6714E1B472044FA9D
                                                                                                                                                                                                                                    SHA-512:56EB7F070929B239642DAB729537DDE2C2287BDB852AD9E80B5358C74B14BC2B2DDED910D0E3B6304EA27EB587E5F19DB0A92E1CBAE6A70FB20B4EF05057E4AC
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):17872
                                                                                                                                                                                                                                    Entropy (8bit):6.026343384417812
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:384:Z13pWC4RNXdl99MA1mwHCnPGI9aIIYiOF:Z14C6N39TIGI9aRYi2
                                                                                                                                                                                                                                    MD5:2E6476BD293669A38704171943365EB4
                                                                                                                                                                                                                                    SHA1:7DF15A29C835E8ECB5DA4C0726AA5048BC5D4D57
                                                                                                                                                                                                                                    SHA-256:CD90C17C7C85BE4B54694A880446E4C96FFCD38EA9469E9A43BF6789F1F64DE8
                                                                                                                                                                                                                                    SHA-512:2109A6792FCAF57A13DA146A0BF69BA61FEA12B3F836F17D1D59DC063FA0AA9570F3087966997F73B7023979398335B73397FED6D96B0FA04B7743312F134C70
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):8656
                                                                                                                                                                                                                                    Entropy (8bit):6.129161326880862
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:96:jrqUq7wVXb+15XZbW0w0/Td0PmfrrQG28cYG28CEQ9VgT3mUbxJ/MGz/Gm:yx7qXby5Fy0xIYiYF8d7MGTGm
                                                                                                                                                                                                                                    MD5:3FC10C1F6283B2D8B0E0AB097709CA76
                                                                                                                                                                                                                                    SHA1:001F4D8254A9A63287B5CFEA7F765BC5223B3243
                                                                                                                                                                                                                                    SHA-256:6861E44631B71ADBEEDA0212A66053EB2F5471E37072EE056716E4C770F25B50
                                                                                                                                                                                                                                    SHA-512:29C58305A3BAA288F851E5416329943334F91A0C08437EB481A438AEE7A731298C5806C65247687D9EFB08708CBC621E26795C7186A4CB7E87096E61E668CC96
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):84944
                                                                                                                                                                                                                                    Entropy (8bit):6.129397787376414
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:1536:9jxveXaYl1rNIBFm0YWhxoilPeHWpKBxePYoUC6n304TKx7Mj:9xeXJDruBCWXbYWw0PTUC6Gxk
                                                                                                                                                                                                                                    MD5:5D6592660367849BFE1A685C43CA5524
                                                                                                                                                                                                                                    SHA1:787E29AD69FBCCA077C2BEC7489FAC4E7D70D94F
                                                                                                                                                                                                                                    SHA-256:A0DFBCC4C093916C96DBE234615ACD1DAC4BE00C36916398207A77516ED98E79
                                                                                                                                                                                                                                    SHA-512:FDAB53C8ED4F7D4E9B920215D3651DEA597F974277C6D1DECF7C1F954FB5311BF9E830DAFD406B5421448F8F64A4CAE430BA738F11DDEE2E2097EAC345BDED42
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):567760
                                                                                                                                                                                                                                    Entropy (8bit):5.981822339750375
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:6144:2EMcTHZmC/Sf0xSP4NcDE0+3mEL4Cpp8/zyvVbSaDW5qSlXhTmVfC9qRRhDBeK+l:2zcT5mC/Sf0xq4NcJi4OvVbzW5mVtfq
                                                                                                                                                                                                                                    MD5:1ED405D83B3F0C213B7C9F67F2B51F8D
                                                                                                                                                                                                                                    SHA1:23967DAB29DEBFD827E5FC58264E4A27FECDC7C5
                                                                                                                                                                                                                                    SHA-256:1A323E6E1FC03FC3918938DB33656D6D30BF1C53B626186CD31158CC733C50BF
                                                                                                                                                                                                                                    SHA-512:A0B65E7CF2ADB116D6AF89E92ADAB02BE33E7807CFCD6263636614663A1E938EC4A517D7FA245EE14FA1063F3176C1F8CA116E553FDB91619D4691F04CBC07FC
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):666288
                                                                                                                                                                                                                                    Entropy (8bit):5.8893745001894
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:6144:yuDaFawY8QrOOI4Hyg+lAO4MkKAkp9ZALzwE294HuAo64P+k0iGwgrOcJyql++lD:naFa5hj5yg+lqniTgN9fxVL
                                                                                                                                                                                                                                    MD5:CFE27B330347673C5EB1387C16F9B69B
                                                                                                                                                                                                                                    SHA1:AFD5E99854485B34559D9E122D452563AFAD0A82
                                                                                                                                                                                                                                    SHA-256:784D2A3D7FBDB469CC3A67091763AADF283575A9BF3B873F771F5F87ED7327C7
                                                                                                                                                                                                                                    SHA-512:4F4D9FC6A32EEE2EA52085580993645B651EBA2137A985E03D05645CB8A428840246430FA7EA1D080AB0042EEAB6E84E7BAF72A0C4E8515CCF03274063BAE64C
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Yara Hits:
                                                                                                                                                                                                                                    • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\Nuget.Core.dll, Author: Joe Security
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):784848
                                                                                                                                                                                                                                    Entropy (8bit):6.223779717400718
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:12288:bfbDSDIqNnVJzTW60tSQJ4x9EnZsdsBJEfyPzfK5h3vKlYBzGu:76DFtVJzTW6ES8sdsBJEfyDK5hfKlYB
                                                                                                                                                                                                                                    MD5:5457F9175CFB8B6C999AA2D647370D0B
                                                                                                                                                                                                                                    SHA1:E3608AA5448C23AC74C4ABFD03A1E8AAB24D8306
                                                                                                                                                                                                                                    SHA-256:E0FD72A4FA4DE1EAF642F0F8F136E4E441735BA97946D90122184D761581A1A1
                                                                                                                                                                                                                                    SHA-512:1C23AEC284B76E0BA0D3F5E30654CE70F219212ADC88075608798621B0FE1885570482AAEF69648B96D3C437E853AE3D1C6F636C12EA3B1C7BB86D1DF71F2DBF
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):53680
                                                                                                                                                                                                                                    Entropy (8bit):6.512573849929987
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:768:7XluckCNEEudCukZ/8RBx/fFI0UysZjkEqk/bDB9K9rrrKxm5PiUf2zOk/9vch/:71gCekN8R/feVjkUQr+xmViu26k/9A
                                                                                                                                                                                                                                    MD5:5E6BA73D4447A24D166F8E6340DA1834
                                                                                                                                                                                                                                    SHA1:1FDDF5CE04AFECF50A4AA96AB38B6684F29CB10F
                                                                                                                                                                                                                                    SHA-256:3A951CDFA70C8EE35DF7363402B59DBA49808A42D44D346B03939C37D18DE545
                                                                                                                                                                                                                                    SHA-512:BE1E0913C6D64DA75B05B3A55502C3DC9C2EA19775066B02753D67AA8241427E1B982E6A57FDCE85FC794602861A5E4CE0B1AB7EA5233325A76A89F84D153C0C
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):276912
                                                                                                                                                                                                                                    Entropy (8bit):6.493976787438116
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:3072:ntc6cnip2YkJdyPOLASnUKLH8THWq4DhUVcrl3MPS3YVbMPQoLSWXHSaj:nDgip2LJdyP9H/zHPAAbmLSWXHd
                                                                                                                                                                                                                                    MD5:A05EBAF9D2C5BEEF61D4EC9743DC8F12
                                                                                                                                                                                                                                    SHA1:49DBFC9893B7DA56FB3D35092D322BC284120613
                                                                                                                                                                                                                                    SHA-256:BE6CADE286075C8423B5F1782FA4B1337C36BD764D106A9656F3AD69ED549E83
                                                                                                                                                                                                                                    SHA-512:82DD8AC11D2EC6886D51E086920F5FD19F818306A5B7960BE32C987C8093546EEAC748EFEC09471D762CB661A7312E6EE0FCA851DDB4876FDDB04588248CC6FA
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):84408
                                                                                                                                                                                                                                    Entropy (8bit):6.57072174412326
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:1536:bSJQrlWqr/c5uU/QiNgvY/Y6lvHz5NYP754gY9le:mg5ou2QiNgg/hvVCPF4gKe
                                                                                                                                                                                                                                    MD5:F179A351A89486EB18043D2B39591655
                                                                                                                                                                                                                                    SHA1:691923C26CB9BA7F25733570B8268974FAB7B733
                                                                                                                                                                                                                                    SHA-256:BC0F21D644CD2AFA4868A6B6F68CB8A1152F6BF90389B4697CDEDA84B1F23813
                                                                                                                                                                                                                                    SHA-512:7D1F4CCE099B9C9E6DE372A1D640DE60AA308314C26BA37904C0201F1F5B1EFD644C7A702FFDF54BDA9953222CDC8302053AB85A6F699C44FA567F36C7E24DB2
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with very long lines (13626)
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):14979
                                                                                                                                                                                                                                    Entropy (8bit):6.069596337382463
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:384:gHuRrasgU4eC9+LcKK7WJ02kKGjcZU+7I:RRr8eC9HWJ02f/U
                                                                                                                                                                                                                                    MD5:38922D74A6D33BAB28A63145701110A1
                                                                                                                                                                                                                                    SHA1:4217471D83C798B2CE6B8B4F94273BBEA68624C0
                                                                                                                                                                                                                                    SHA-256:24664689AE1CF279380E20FAA4FD0C5D96BA0708C9AF55DC79FB823430C397C1
                                                                                                                                                                                                                                    SHA-512:4451D13FC1851456B156C7E6B234E3353FA168B63B7DAD5A6ACF65FBD1578AB46DF6BD7AAD5645A54B742737504C3B90F4E33CE9F27714C5492E3BFC28060E5C
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Preview:.<!doctype html>.<html lang="en">. <head>. <meta charset="utf-8">. <title>SourceTree Authentication</title>. <link rel="stylesheet" href="http://aui-cdn.atlassian.com/aui-adg/5.9.19/css/aui.min.css" media="all">. <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.min.js"></script>. <script src="http://aui-cdn.atlassian.com/aui-adg/5.9.19/js/aui.min.js"></script>. </head>.. <body class="aui-page-notification aui-page-size-large">. <div id="page">. <div class="aui-page-panel">. <div class="aui-page-panel-inner">. <section class="aui-page-panel-content">. Can't serve this yet :( -->. <img src="http://localhost:58293/atlassian_software-03.png"></img>-->. <h2>Authentication Successful</h2>. <p>SourceTree has been successfully authenticated. You may now close this page.</p>.
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):173520
                                                                                                                                                                                                                                    Entropy (8bit):6.0738821677656505
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:3072:4sChvztWrT9EZ0N/rc4x+s1hpVH5LqdxTIIIJI8Ij87t79UkXrw/GrvSjsl2x8va:4DztWrT9EZQ/YMJ5r9UM1Kf
                                                                                                                                                                                                                                    MD5:325B06F821DD43C3819D2796F0769D0F
                                                                                                                                                                                                                                    SHA1:B035A6B70FB46088033F80A148A470662110105D
                                                                                                                                                                                                                                    SHA-256:B930C19D5DB0DFAFAFC166CF878303010DF2F1789978FD3DF11602030BDA3C4D
                                                                                                                                                                                                                                    SHA-512:05BE8362E9A42E298670801BC42139EDB8EBA20424C694990D39A4D3272E6784AC1E847EAD01EDE74A540107AAAE5C13475375C004249673AF28BE96967AF3B8
                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                    Yara Hits:
                                                                                                                                                                                                                                    • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\AppData\Local\SourceTree\app-3.4.19\RestSharp.dll, Author: Joe Security
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):458704
                                                                                                                                                                                                                                    Entropy (8bit):6.187658885739608
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:6144:WcGv7iCPwqEYosfdBtmXaxWoXY06nQk2zLRC+oRZkR4CDy2sqIT0czXv:K+CoCoCBtmXWnL6nd2ZiUR4WylT0qv
                                                                                                                                                                                                                                    MD5:B06990216F2EA1772476880A56B9DC9C
                                                                                                                                                                                                                                    SHA1:C7CA1341110ACCE1D8988D7E18B783C3868777C3
                                                                                                                                                                                                                                    SHA-256:B812517ACD06673AEE0A698BE53E7928F33F597BDB35F6FC6F37DB4EF49999B7
                                                                                                                                                                                                                                    SHA-512:3EDC4FB0F16A9012A55B762F03474B74D475FC006576B4A0D8E6022EA6B490A624437012DD2C9ADF206D8CD3018B2B44F574B9B63CCD2720FE90895205D7B329
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):17360
                                                                                                                                                                                                                                    Entropy (8bit):5.9670485098175154
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:192:GlDpwghR6guugENITqs/fPvtS6MFkFMfpCz1RyP3EjlnXqIYiYF8d7MGsC1:G1isMFkZcMu9naIYiUC1
                                                                                                                                                                                                                                    MD5:8BBAE9BBDE2C865E48002FB93A4F09EF
                                                                                                                                                                                                                                    SHA1:8B8C16AEB216F5E6D3D9310E29DA508D019F9CB9
                                                                                                                                                                                                                                    SHA-256:92A7F800DC60742C4B2FD8A602ED29738FBBDBAA2217F5E1C8814F1A1B165322
                                                                                                                                                                                                                                    SHA-512:24B2419CB80594A4DEA48D698A7933FC58B82D194B5383453E4BB95A54E57417932A88AE17424D0254C316CC6DA1CD88AB35861212C19D83BD04DDE126F0561E
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):22480
                                                                                                                                                                                                                                    Entropy (8bit):6.128831420783897
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:384:IF0L0dp44ChtP6wiBu9Y7/vkpwVflBYWgkhn+IYiiPC:F0rUti//PVd6ynTYiJ
                                                                                                                                                                                                                                    MD5:871A062A6F925B09D1A6A08CDA523E52
                                                                                                                                                                                                                                    SHA1:4EB8D3130884E91137B613174E677790033E106C
                                                                                                                                                                                                                                    SHA-256:468A9006FC9687F9D71067A137190D81FBFE592ACF8C442E58A2BE2F1C23028F
                                                                                                                                                                                                                                    SHA-512:E9D0A1BED6E1233E3562AC04624EBA9F19AD299789342A10C0F1E63D7F1574C0C8A0B952CD215B6E7A147C9FCC8C3FD8B881A37802CEDFB2F8A58B7A2A0921D4
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):19408
                                                                                                                                                                                                                                    Entropy (8bit):6.0692611297223396
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:192:6q3SxMh3c8Wyi/lVPvt/Q2PbmWECuIBETIAuzHU4jRkLCdtIYiYF8d7MGuy:6m+Mdcjv533EC/ETIxzHTkLC3IYimy
                                                                                                                                                                                                                                    MD5:95FA9268EA343A1B7FEE3783A6631476
                                                                                                                                                                                                                                    SHA1:C1C943745A078E4F56EE5F05EE7CC01B5192A736
                                                                                                                                                                                                                                    SHA-256:CDA6262B48C0C50B84C7731E7AA0D6A84497CFF41D1EC320AE021BCA45414606
                                                                                                                                                                                                                                    SHA-512:6E078FA1FFA0B911EF3BB7A58B58D9773C5C5B0EB1165ABB24BD83CD09D4869F14E16D198CF8B6885B4057850420641D5444D690DB61121A4F258FA6A7778B68
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):35792
                                                                                                                                                                                                                                    Entropy (8bit):5.984178057288914
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:768:kERMpNNit8DRovp6licmMgnsyWzXwpBfRYih:kuMpNNzqv8QPpoXwzR7h
                                                                                                                                                                                                                                    MD5:4115791F220D98AF9978BFD405F4E052
                                                                                                                                                                                                                                    SHA1:55BFFFD11846EC2CB9A5054D11382B7D0E00634F
                                                                                                                                                                                                                                    SHA-256:C35D606EAED489D5369F3B66BC9762C60F247CC91419AB6FF251FFC04895B504
                                                                                                                                                                                                                                    SHA-512:C99194D03B8528F2E8214E377CC84A94CA27B9400C2F09AD1686AC338AE013A362369D0C46F99E07E967DE0A740372390151BF8FD00FC31F838B039DBB6A7D44
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):22992
                                                                                                                                                                                                                                    Entropy (8bit):5.8680628121239025
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:384:iII8MRNkh5a6q77gV+UubFeVIHXQ+8isehIYireu:iIItG5a+akIHXQ+JR2YiL
                                                                                                                                                                                                                                    MD5:C74A4D50A32EE4CBDE6A76BF77563C3C
                                                                                                                                                                                                                                    SHA1:5838BB281AC06A20BD9887E1A28BD409037B4789
                                                                                                                                                                                                                                    SHA-256:DFC9A953C9F73029B61B38A44307C01942ABE22288DE8BFB0275AEC74D4644C3
                                                                                                                                                                                                                                    SHA-512:1DAE1FC85C3CBC887CAEA373E108347BA4E803212A500F8246E0DC21E0E86ADE60209907FA598689B9D70F07D1970936BFAC75B4B5A140FAC13DC322DDB53B4E
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):9680
                                                                                                                                                                                                                                    Entropy (8bit):6.179847713294758
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:96:P45vmG+FcP3PTjHjTuYsltU733Td0PmfrrQG28cYG28CEQ9VgT3mUbxJ/MGzcKbv:AZEcP3PvjGw3ZIYiYF8d7MGYKgJi
                                                                                                                                                                                                                                    MD5:B2E3C2A0D4AA5A5FB818E4EAD4FDFA60
                                                                                                                                                                                                                                    SHA1:33F27CE151E76F6DD68F5897037ABBE51FF72BA2
                                                                                                                                                                                                                                    SHA-256:AA6789668A3A7CDC8D24DF4B2AA579350D5BCCC968DA6F942E9563273A249A6C
                                                                                                                                                                                                                                    SHA-512:63F3AF3505AE5EE194DAF2E7966F909A6245E17261FB81BB04A742CA2FDF7CFC1EA678AB4C7BCE64918DD992E9DF99AC80BB15EB04E505A53A9611456E584EE7
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):25552
                                                                                                                                                                                                                                    Entropy (8bit):5.996483563997636
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:384:Z0ZcTx1MxMo3Brn36GiXBO9SKnB5Eo37nDIYilkYA:Z0UmBr36LBuR1sYiij
                                                                                                                                                                                                                                    MD5:85187DC6CA16DAE57403C9832B39AC3B
                                                                                                                                                                                                                                    SHA1:30570AD0DAB86FEBE24F642EFA0E3F15040C16BB
                                                                                                                                                                                                                                    SHA-256:8CC267B074ADDE5CA8D76DCB5A8814666D55029146085825E6A815904E256DBF
                                                                                                                                                                                                                                    SHA-512:63CF4550DE44216B3BC8E4C2B062FA450F1AFF330518CF9BA91B6F81B789BB177333C1B5F04F77B7ECB0835A919B689091B504E1AEAADADED39B9AD23CCB13F3
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):10704
                                                                                                                                                                                                                                    Entropy (8bit):6.011686254005331
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:96:HWMZICUGWmU5VVaGcOAnVZNfYcjs/Pt37Td0PmfrrQG28cYG28CEQ9VgT3mUbxJT:HuCUkUsZNQcjkZFIYiYF8d7MGpD4CX
                                                                                                                                                                                                                                    MD5:DB8B22743893CA3DE3F7F848D7ADA82C
                                                                                                                                                                                                                                    SHA1:CB28DCDEE6C4ED5E173A11A135196362AC4B4FE2
                                                                                                                                                                                                                                    SHA-256:B4A8137565E7CB6E3065265E08BC134683EED074C683A04F154318C71F99E0D6
                                                                                                                                                                                                                                    SHA-512:0F4949A42359E4482139B907429F6B6D26E09173F1E0AEE030A87F100A1AFFD1EF6394701829C2E1D5440918DA109D5CBF780C50A823C1ED1679EE86A91FC7F6
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):118736
                                                                                                                                                                                                                                    Entropy (8bit):5.962367879553946
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:3072:dJjU656MhSq9feLJlXoUul6Kw2hDrQNKah:PU656rq9fAlX3u4Kw2lQND
                                                                                                                                                                                                                                    MD5:EDEE081C27D6F696BB0086B4748FD06D
                                                                                                                                                                                                                                    SHA1:75901B19513A6A66731FAC69392727B6E8AE2E4D
                                                                                                                                                                                                                                    SHA-256:F7D41BDCCF0D7DA30760DEC05CD5E27CE264E11890B543CF4AB351F12EAE81FA
                                                                                                                                                                                                                                    SHA-512:8FD98F9968EB8E813F7CFC6037F40BE9882079429195E0530257D1B1A8096DEFA247FE11AFC187D4B5A2FE03575681DE4BB04A52A45955B8B9B771BE5AB3A4B2
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):27088
                                                                                                                                                                                                                                    Entropy (8bit):5.882211688525362
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:384:3VTUgfpaFIIgy3EcYOT9OGEiPtlTk9jHws7YpIkyrIc3YMUUWnjAe9Y1MPSG6GIS:lIEplV53c9OGEiPtu9ks7tt9bYiv2
                                                                                                                                                                                                                                    MD5:0D10BB9DEF70D0F368AB677186DF2152
                                                                                                                                                                                                                                    SHA1:C9995887145F6CE85D13759623CB3DE60B7A9AB5
                                                                                                                                                                                                                                    SHA-256:251200F12B792C155A1C30514E29F8FF3DBFD1E2D8D71ED5279E031526B3533C
                                                                                                                                                                                                                                    SHA-512:E644D80A5908A49DE65EB68E3C9D0A1F34C4A254A8EEC20F9587F0CAFE29FADBC60BD8277D7A9BE90A6972BAE8E203AFBDAF56F730821951611F6015A665855F
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):12752
                                                                                                                                                                                                                                    Entropy (8bit):5.987596060610102
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:192:un+/OtuP9xaUNRjkwmIYiYF8d7MGjISCzk:hO8PTTcnIYirISCzk
                                                                                                                                                                                                                                    MD5:11667891C2CBDE4CFBCAF98DDC1DB855
                                                                                                                                                                                                                                    SHA1:87A675DF733263E541C1D612FD1AE4795ABDFE8E
                                                                                                                                                                                                                                    SHA-256:A242BEA41825F46C88C0012613716AF7C734D638C401BB410C5A7A09D4627B60
                                                                                                                                                                                                                                    SHA-512:57542D998C87020035A47FE434F1B3BBE7CA80B8CE3116489AEAD49418983122A7757ABB0BC76F53CF50EF97C88AED38B43B551EAE1361A35508F220BA29B8D9
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):31184
                                                                                                                                                                                                                                    Entropy (8bit):5.957385913274007
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:768:e5HV3lH9azfG9YOVk7YUyx7aFwI/jKkyZnzYi2aw:eBPd+fEYOq7DGI/jKFhz72aw
                                                                                                                                                                                                                                    MD5:C5DE0DADB5AB69668766825C590F8F34
                                                                                                                                                                                                                                    SHA1:7D6A680D63EDBB7BDF788398CC96C4E8ABB08D0F
                                                                                                                                                                                                                                    SHA-256:DCF89EEC79E31E7AFF30F562B3B27D85A61678647A9280A58E2EC848139C9D2E
                                                                                                                                                                                                                                    SHA-512:DE59C9BAF288D4319776BB0EF57CC25B560AFA53B47B296131DE52C53D2251DC14A968185848E0E4014054CF214253432C2F559057F00B5EF1DC87DB59C1FC5F
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):17872
                                                                                                                                                                                                                                    Entropy (8bit):5.932641954921493
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:384:ynbkOZ+YklApO6KmY2oPHl0qk2/IYiPcQz:ynbzjOd6qk2AYiX
                                                                                                                                                                                                                                    MD5:26EEB4F082BB8B8AC12B62F0FBF96DAE
                                                                                                                                                                                                                                    SHA1:C57F38E98C30E32439584BB140D043172BD3646D
                                                                                                                                                                                                                                    SHA-256:A41C00EE831D00D4935F87A0B7CE7592D6B2C62682CCF11A06B6D71CBD83AEB8
                                                                                                                                                                                                                                    SHA-512:407E68C6BFECF7101B76835CDC5001B7207C02256B3ED7BEBC799E73E902A3DAC776B9E335A1F4448675A0A88B73CF692C048DEB61BD2CE4288823F43486B561
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):2147792
                                                                                                                                                                                                                                    Entropy (8bit):6.491518045954881
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:24576:wKgk+jIBSkVW6t8C7oDxrFSr2FhP/ZahvEjxQOveFUnrT1MRAzc:wKgk+cBSkVEPouZ+ENCGrpM2Y
                                                                                                                                                                                                                                    MD5:B251E67FBA6EBCA2868C91287C356779
                                                                                                                                                                                                                                    SHA1:F69B438D92B4E77085154C38A93E39ED023F89A0
                                                                                                                                                                                                                                    SHA-256:52B53A2DE5A1C6B4BB23D5DB6E263C1CB4EE327B95029042D75CA0EE34C07D44
                                                                                                                                                                                                                                    SHA-512:9684D4C6A7BCD472344BC3344B2BE019D4E6CF3FCA6A70669CA82E1F080ACC46B4F3904A9B624375BEFD8E12D49E0A0561F76ED5DF3EE8A5E8BDA5C233AD8920
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):135120
                                                                                                                                                                                                                                    Entropy (8bit):6.028879459493551
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:3072:GspDXN9g0xUKaQY3jpNS0ZJGLYBcCtT0hQgJ:zDfM3jdc
                                                                                                                                                                                                                                    MD5:07F9E852BB66A0DC7CD2A5E9FDDC6EA7
                                                                                                                                                                                                                                    SHA1:D4465174270B2B08249470BA0BC8C158A8DBB2F2
                                                                                                                                                                                                                                    SHA-256:768994890EE10C48FC7A45530EE388D3CB9F1C2E1310CF428BE7E997AB004BEA
                                                                                                                                                                                                                                    SHA-512:CF32C19D7FFD8C1740D75D25254600B479F32D56C8E8E2E38E159CAD6BC427D5EF70DF518E8C047952C554BF0D9D886F80786EE85AE3C7E653E84339C94580F7
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):21456
                                                                                                                                                                                                                                    Entropy (8bit):5.9483769570092
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:384:5Vq0HJ7VEn4vPZE0ECiGv7mExro5OQc8jIYihWe:j3VUOQNMYiwe
                                                                                                                                                                                                                                    MD5:FF1CACFFE383E6AD8459E0E7BBB1A50F
                                                                                                                                                                                                                                    SHA1:1ED596E47B4E43760037023F4EC636E7270A55AF
                                                                                                                                                                                                                                    SHA-256:D56882A94B97A43120DF05B985A1F477487A3B611C2617A5B58F5EF4D1130ACF
                                                                                                                                                                                                                                    SHA-512:D9D3A72F13360FEB95B01FA801A275C6F2486FB4B6484DDE38F5267BF668ACA27D9B9D36B5161AE52ECB99AD56B63743EC44C213BE0B840681F2FD9592114FE8
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):196048
                                                                                                                                                                                                                                    Entropy (8bit):5.834188496933054
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:3072:urbCiTmWqqS/VDNp2sLdVpvBsxj9Cmx38MtPaXEC:ur5TmW2n5Vpvy2IS7
                                                                                                                                                                                                                                    MD5:C1F64D2E5069E9F89A9E779AF8B8B273
                                                                                                                                                                                                                                    SHA1:DE8B96C1D7A97F0DA3500B8DF560151B2D4CC60B
                                                                                                                                                                                                                                    SHA-256:7880D5EBFB3B46E0C429BB3A01C40C03AFAFCAD79E42AE378B181B279B0A9560
                                                                                                                                                                                                                                    SHA-512:27A82EA43C1D1D41F1AF349267867123ADF1E7A535D97C41E693AA5EAA1C679179123798088C595BDE6A550803AFD8936EA1595F4C53030E615E25B61AB5B081
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):20944
                                                                                                                                                                                                                                    Entropy (8bit):6.053241959274915
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:384:1kQiWHYI8cL05OaZCXvNS29VM3EERdEuQtAGHd4Rck1EozUkIYia+8O:uWHYI8P5pUfNSI2lmtA2uRcRVYiX8O
                                                                                                                                                                                                                                    MD5:1E01515A8BB395DDB93C1A799FD63100
                                                                                                                                                                                                                                    SHA1:0961F0BDBBEF23DE4B250876473BBAED41E9F71C
                                                                                                                                                                                                                                    SHA-256:729ABABBA2142026AF76B9CDB484CA76C88DDDFEA73F916F92183FC7FFD44ABA
                                                                                                                                                                                                                                    SHA-512:27971F3688EDCB2A6B31092F43961CB475705D15AE19614D7109232008F3386ABC1A5BDD4AC1B59D2770EA583E7233A27131BAFF857A7494961A8818D0CE6E09
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):138704
                                                                                                                                                                                                                                    Entropy (8bit):5.831078760734493
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:1536:p/1pGbNfCqEoDKpwOOGH4FrJzAskA/G5dhEAy2cwRx6f/3clEAbUHvxRr7u:pdpGbNVGmZ5JUhXNcwC/3clmpRri
                                                                                                                                                                                                                                    MD5:007CCD7A7225EC34E1583D72399DF8B2
                                                                                                                                                                                                                                    SHA1:7B841677DA748A2056418441B10B428D8D7EAF9B
                                                                                                                                                                                                                                    SHA-256:AC3BA836F71CC9717D46478B6BFFC067047693267F5F16BC3BBCFD44FE0B326A
                                                                                                                                                                                                                                    SHA-512:5B85BEDEDE451A3A6F5B74AE49E67A4F90E3EFCFBE5542B37F5FC344A4FAC4C73474A8E34B89C692F78408AD632548B10EAB653D6E20A1490C657DF30C2CEC26
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):40912
                                                                                                                                                                                                                                    Entropy (8bit):5.825956747471402
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:768:GWWWfWWWBLwWW6JjYWWWWJeWWWWW5T1WoJW1zWJ0YW6lWWW0WYJWWWWWW1CJOWmA:OZCcgNdqernQP8l7+
                                                                                                                                                                                                                                    MD5:98D08402398E9417D102BCC36809F981
                                                                                                                                                                                                                                    SHA1:54655E1F40EF7E7657CE9B2423A2539B5E3761E8
                                                                                                                                                                                                                                    SHA-256:6C56FD88138235904A7D475C3F65F2BAB14D8ED38FC0DF43542CE41908647B75
                                                                                                                                                                                                                                    SHA-512:D4E1470F8A596C4583272296BDE46D2AABF64620777826B5B363D47A88FC7AEE1EC76012E9182B7721E58960BE345CC59320E140ED2C90733E1F8308084EF518
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):17360
                                                                                                                                                                                                                                    Entropy (8bit):5.966353927868133
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:192:Hu+7CKbXoVhmAXXrXV6cMj/oTDTht3DjQxsJkQlvN7JjoKNQIYiYF8d7MGGZtD:HuyCF+gbV6cMToTD1uxMkQZNCFIYiuHD
                                                                                                                                                                                                                                    MD5:4862A0517E5C3D6588489E37D34601D1
                                                                                                                                                                                                                                    SHA1:E864F2E5EFC810759C6D5E476ACEDC192F742814
                                                                                                                                                                                                                                    SHA-256:A18939B9951D2E02A299782C783261837AB2D9D33549F5C6DF455CDEFB432F68
                                                                                                                                                                                                                                    SHA-512:65625633B520D654B29B5B4AB53824B46C8A64804C9F8AB04809B114BA316E5164D2383A4F9FCF7141B281F279762C0336CA8AB0B2223002394A4AFCD52F3A65
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):50640
                                                                                                                                                                                                                                    Entropy (8bit):6.066358228854332
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:768:U1CtlLLxXh47aQ/KvFzvvrTC4KmTH/C1dnnZ5waH+kH+ycLzHgYYiV:U4tlL9R++FmzHnZqaH+muHR7V
                                                                                                                                                                                                                                    MD5:677B5DBE8C9AB3E57E9A37F8CE3D0813
                                                                                                                                                                                                                                    SHA1:D1B225163D333DB317C07BD62E96F11DE61DDEB6
                                                                                                                                                                                                                                    SHA-256:8A02196BB6BBD1352F1FD7A4C4D336F0B3DD07C786F0CA42936AA643705647E3
                                                                                                                                                                                                                                    SHA-512:54F94A15F36B9B8901011D7DE6E4AEF89C7FC416991E9C4798293E3F2AA68AE2A0CBAF9E7806E7EC90795EF65071C48094088F837427DE135ADF99A2692A1062
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):64976
                                                                                                                                                                                                                                    Entropy (8bit):6.072394650915115
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:1536:YqLqfAjAHhucS1JqrEAGJH+xkln1H7GBk:YqWDccS1AEpH+xkl1Hmk
                                                                                                                                                                                                                                    MD5:98938404FAEC45943B1CFDB721AA155D
                                                                                                                                                                                                                                    SHA1:7BF62CAE867CD1F3A9FEA20296D58878527A4D06
                                                                                                                                                                                                                                    SHA-256:7BA3E5C3D402DD2491A1ADAC76E09DCD938748299DDB8DBA41614D50D38461C6
                                                                                                                                                                                                                                    SHA-512:8F48CD47476EC5D2CED5A9783A594E06FAF7C70C89E2CCBEB7EA6B05C0618DEFD32C80F20438986AF779A4B0037AF20D93E84E9ACF469431F8662B62A8D5286B
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):56272
                                                                                                                                                                                                                                    Entropy (8bit):5.9640379873327385
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:1536:4YJLSbO+70P08lOoEjjfKMkZF/vVoH+B4+E7f:bSO+xvoE3fQfoH+B4+Er
                                                                                                                                                                                                                                    MD5:609487E325660EE1A817920ABCFC8427
                                                                                                                                                                                                                                    SHA1:B98C52AE3051CC719684BA8CFD97A84B4F72F5CE
                                                                                                                                                                                                                                    SHA-256:A730B7D8C75E73A975CCC5BC91B0BACCF4500317225DF93A8E2114551C8B65F1
                                                                                                                                                                                                                                    SHA-512:D95ACE4CFA6A88A88B392F25C513884B4E98A3E058042A36414999FE4A6311B9E0E3863558BC54E7F7AB7B307DCC3AED7AA9870826413D48680E5A9B9569F56A
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):374224
                                                                                                                                                                                                                                    Entropy (8bit):5.210987475717513
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:6144:uz/YicW6V4B/qFGl3WnGrPrfJW+MAeze1+8lrKwyy6szMppZSmZdeXP+:CgicW6V4B/BGCWOMpuycG
                                                                                                                                                                                                                                    MD5:25DB660B09306B30B136F219CA724533
                                                                                                                                                                                                                                    SHA1:F65277123C6FD7D821C63F89CC5FDF9942C4B14E
                                                                                                                                                                                                                                    SHA-256:0B783B75CFDB2A9B1DD2DFECB48C3D3F64E34E226FD308EEE498155BAF1EFAE0
                                                                                                                                                                                                                                    SHA-512:F7A04A6297181C5F93167D9D574022D21BCF01A8AA6AF2358CFD2266D61B234827770763C84C52E0DFD8D30B97834B5161627638057AB8A117F3780D683CA7C3
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):20944
                                                                                                                                                                                                                                    Entropy (8bit):6.047689544995828
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:384:HQhs4ZgVuESGPXjtk+c3ej/qB5D8aWd91aIYi8jsC:HQhs4ZeljE+91nYiAT
                                                                                                                                                                                                                                    MD5:66F00BB7F3651CFDFD278DAA8F92ACB0
                                                                                                                                                                                                                                    SHA1:70A9E120696306358F7EEF3076BACE2BBF1F9A86
                                                                                                                                                                                                                                    SHA-256:429C1A9EF533065D4FD1180589632AD3963BCA45DA9FF50A50CEECDAE937F650
                                                                                                                                                                                                                                    SHA-512:ED990958E6E079D03FC704819110CC5FD306012003C2378252275B880E439755E6BC28BE66473D314C880DAD9E30227674CA7559AA668ED08D9CCAF7E0E3E700
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):63952
                                                                                                                                                                                                                                    Entropy (8bit):5.954979204992526
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:768:gb4+aY6y54OMOcVd4ztR87LBkwiFHqJ5gp2lSY/AAAxAAAAAAAAAA4HEYEyvvfFj:gbjaY6FBOcVy28s7rHTS7Y
                                                                                                                                                                                                                                    MD5:38BB6C78E03943FACD20A0A76CEF865A
                                                                                                                                                                                                                                    SHA1:AC259FF87FD60E9E749B5DE8372A3AE4E376AC12
                                                                                                                                                                                                                                    SHA-256:FA43C881BA0D44A2AA150295131900F899E471E6E06FE7B9741CC22985C5F3CD
                                                                                                                                                                                                                                    SHA-512:0113E42DDE23556299B18958444ACB118B42AA15C57A79AEDCFC34B4DE0DDA14BE12C7D8D1EC840E9E7B912C5C2E87E45093021A058B5045F4AB1287BAC832F5
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):26576
                                                                                                                                                                                                                                    Entropy (8bit):5.984382468606047
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:768:G5EEEEEEEEEVcSDFifPWHKMsjaoCDgSwSVsDYi3:G5EEEEEEEEEVcQFCFjmwbD73
                                                                                                                                                                                                                                    MD5:F800A4B5ABA0FBFC450FA3EA6C0EE1A8
                                                                                                                                                                                                                                    SHA1:C11A9B15728E16D8266714875138EF67D698A05C
                                                                                                                                                                                                                                    SHA-256:BCCCE1C57001E100D1300A208250A16FFB0F611E25778D6470C823BC9FF34DB8
                                                                                                                                                                                                                                    SHA-512:5920EC59D119357CB31854775F3E7FFE94A41D1CB8EAB2868A6DE441B9E4F9D7A5A8A05B71F4391BC5015FB3C3BC0D6B2C12C396A89F1B76C3A9B6B14B6F10B6
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):4281808
                                                                                                                                                                                                                                    Entropy (8bit):7.861613882778435
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:98304:KscH/cHi4Ng+K4jmTSugvSug7noHyuJrSrBoCunNSGNjkjIQqN4k:KscH/cHi42+K4jqSlS1noHyYrSOGGCqj
                                                                                                                                                                                                                                    MD5:EFB8D1120B8741BEA6C254CC875AA182
                                                                                                                                                                                                                                    SHA1:9F0028CE26BF8750CF57A124245B129FD000ACAD
                                                                                                                                                                                                                                    SHA-256:59F89F2821B7B03F425DE9065C1155B38CB27337F262D4D4B5A10200CEE4E21E
                                                                                                                                                                                                                                    SHA-512:BA43B03074EFF51FFF075FF665EFEB9B1AEF5AE80C6DC4DE221B1C3E6D541C88D52D3F9555F88E06342FB32808266BDD1AA390B0CE6745C0088FF0CB442D66A8
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):106960
                                                                                                                                                                                                                                    Entropy (8bit):6.123324576613458
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:1536:KGlxmJUDqFmCx9JAFn8K8INnE0lHkzg8Gi5slh2c7XcsyoIrKogGR5v7y:KGlMVmCx9y5oINrlHkz9G+PyJE5vO
                                                                                                                                                                                                                                    MD5:EC308CB664F25C51BCF287175A684A25
                                                                                                                                                                                                                                    SHA1:0E1C1D90149CFEAD1E461ACB52BCE28835C32C4F
                                                                                                                                                                                                                                    SHA-256:D3D4C0D6ADCAA1018EA992A3BCB0A3C47499F606C4B55780A5C50D91659CBAC2
                                                                                                                                                                                                                                    SHA-512:57749FD1E3B7138F73896FF5CEDDA319EAEA878C852549C0532D4B78B73F61C2AB924E00E28CFF02E31E44C2738EDBD872BE194F3738B4550D3631DA8759844A
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):27600
                                                                                                                                                                                                                                    Entropy (8bit):5.9871362317921575
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:384:uy7rHQlt4967hSVx5VO1HM9ScXZKzNXtpVuJIYiLSoDNW:S+57spYiLPNW
                                                                                                                                                                                                                                    MD5:B7F026DE84654C6E38F8B8B5707E82B6
                                                                                                                                                                                                                                    SHA1:1334FFF6CEB18771743C83CDB5FF56039725EE19
                                                                                                                                                                                                                                    SHA-256:8DAF0ADB51CC01B21BB5F75029FA9BB5D5E405F078A2034AB4897BE0D3A46CBC
                                                                                                                                                                                                                                    SHA-512:E25C61878D784C9B1FA8BA3DA03D4CE06E0C43ACC584D7C294470B6118B054AC166C63D0CB0D39AEE3D86B02BC35545C559E77E16F2B196865D46E4A70E0CC7C
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):27088
                                                                                                                                                                                                                                    Entropy (8bit):5.975421095993255
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:384:I9ViQBWvXoI8qcECtFOmeuo7KAfo7HA2+JxfuDMVeonYEIIYi3y08z:ISb/KaBf0Mg0rRYiCL
                                                                                                                                                                                                                                    MD5:B81D31F9E104DFC9BBAA4652A005181F
                                                                                                                                                                                                                                    SHA1:8B6F380A180B408B618911E17F4CCDA4D9EC8966
                                                                                                                                                                                                                                    SHA-256:88D2617BB86E362D67D0974B33BB0B72D3D42D50C4D879FE3CADF3099DA3B2E2
                                                                                                                                                                                                                                    SHA-512:6365D4511460DD623DEBBD7E6B8ECE9001C069E0B0E469997E3C4B9B882A41EEE242198310E032ED9E44552B73A552927DB381BF6B7076EAB684A1411DC03EC0
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):29648
                                                                                                                                                                                                                                    Entropy (8bit):6.3946877561100015
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:384:++pWk7DQFS4HH4UOXpUDCeeufgYNZtrUrp1HElqBPpbHcYIYiykVa:++pWk7ftzZYNZtr5CbHcBYim
                                                                                                                                                                                                                                    MD5:A8505513F8C2AB09F829A9F6540FB0AB
                                                                                                                                                                                                                                    SHA1:6E3D0E91754C4D6C2DDD955D53011239D64F67C6
                                                                                                                                                                                                                                    SHA-256:82B60525A103232E368DA5DCF6898CF2A5872AE783A709AAEB3EE5E612D3B351
                                                                                                                                                                                                                                    SHA-512:826E2CB679ED61267041290410BBCFC317C81EF87C1DED0F2014CDC2496BE527BDC8C4820FCEEE33E71CF477366ACA3D0F5D5BEDEFFDC1B54075EE5CDCBD1EDB
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):45008
                                                                                                                                                                                                                                    Entropy (8bit):6.0860708344519425
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:768:3plwJHgl4kHr5irMtj8YdGJrUUjv1V/KVYiBvf3:37rirMjoJrFjv1cV7Bvv
                                                                                                                                                                                                                                    MD5:08D919D6CE79585B48A96DBC09BD62B3
                                                                                                                                                                                                                                    SHA1:3607913328C19531C12661E028506A4AB0A4C983
                                                                                                                                                                                                                                    SHA-256:7791BC62601C83DC8443C55495027C7B435879ADC43990BA0FA0C2B372E1A77E
                                                                                                                                                                                                                                    SHA-512:98EBE0B5D2A26BFF4E83E5A67C33DA9D4BC96F78FE73E3B0EF6E903C57DF8904E208EE200A835F57A774B4AB064F7B3DA277DBE61C6520D43AC7119BA5324168
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):870352
                                                                                                                                                                                                                                    Entropy (8bit):5.968822484741128
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:6144:U9aEJd3+bt2A/WhpDIOsJUZk5upFAjbW/VUOj67Vx8Ps7h3x883kXbaTm1BqOEK2:U9agJ+bt++ukU22/yZhd2BsK2
                                                                                                                                                                                                                                    MD5:4672BD9DA0C27C16BB9DC4C94672DCB4
                                                                                                                                                                                                                                    SHA1:FD51B8CB2C0F8E6E76DE29102D8F16DF6A78F8BF
                                                                                                                                                                                                                                    SHA-256:9F1453A8524C74558501CD8A933F525076ABE3164C7120FE4B504A1FD9C2D376
                                                                                                                                                                                                                                    SHA-512:048D5A0FF91772CD4CFFFF7F28B96956E99DA529F9B7C230D061F5DFBAC71E2707BB02D02F20E71F9BE140995E42E5B601EC3C1DC6EF8862C23DAC4FAF7CB3F5
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):22989
                                                                                                                                                                                                                                    Entropy (8bit):5.1346078941062006
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:192:+r767Oe767PrHNNymE855lABavHB3SX4VnjCQA8QPdox7GuQ8c33:+X67OM67mg5LAB03y4S8x7GuQ8c33
                                                                                                                                                                                                                                    MD5:03EAAD9B696A5D198A3286ED8C637E1C
                                                                                                                                                                                                                                    SHA1:A6B65D7BD51CEB34835311346AF6CDFE4603D50B
                                                                                                                                                                                                                                    SHA-256:35D2530DA1016B88CB2D94280FDBFE436432419D03CCDBF7C978DD1220C9E92C
                                                                                                                                                                                                                                    SHA-512:CB8B98E6C6BDD3C44F3BADDDE789486EDD0054303E91003111907A21F2EC89A64168BE4A51034EE4C8FAA7152F3971408AD30C9C5741FBA0FD54672E226ED275
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Preview:.<?xml version="1.0" encoding="utf-8"?>..<configuration>...<configSections>....<sectionGroup name="userSettings" type="System.Configuration.UserSettingsGroup, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">.....<section name="SourceTree.Properties.Settings"......type="System.Configuration.ClientSettingsSection, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"......allowExeDefinition="MachineToLocalUser" requirePermission="false"/>....</sectionGroup>....<sectionGroup name="applicationSettings".....type="System.Configuration.ApplicationSettingsGroup, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">.....<section name="SourceTree.Properties.Settings"......type="System.Configuration.ClientSettingsSection, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" requirePermission="false"/>....</sectionGroup>....<section name="slf4net" type="slf4net.Configuration.SlfConfigurationSection, slf4n
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):27600
                                                                                                                                                                                                                                    Entropy (8bit):5.964414656719538
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:384:XaJ+HhScpd69Ii5BRYZkIaOpMQEZX4mS7lkxe7yoaAIYiAdT:U8hScGGeqk4mwOA0JYi8
                                                                                                                                                                                                                                    MD5:5687932684C27D1D7A031EC4FF206A63
                                                                                                                                                                                                                                    SHA1:479F5C37C3221778983D3E7D284F5704B06D1542
                                                                                                                                                                                                                                    SHA-256:2A214783F2DA16208DA94830B5729262B2675346C2C142F5E700B75F5A984F54
                                                                                                                                                                                                                                    SHA-512:71DCF1192CEF1EDD40B97DCFFF1596A8068501D8407A672BA68A7BAF93FE7E20109611BACE4D68D6014EE0E29D820B4D7DE022D33F049DE4CA2840C8023E0B49
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):17872
                                                                                                                                                                                                                                    Entropy (8bit):6.093166349175229
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:192:nffb1NsAbuiVo5LbOcI3VLLG+/5oDq3BEqGCwhFjlshpIYiYF8d7MGNbH3fO:fTTsAKiVIK3VLLx5oDMEqyhbsXIYiBm
                                                                                                                                                                                                                                    MD5:1E0BCD432B7A1B76C2626020389DFF0B
                                                                                                                                                                                                                                    SHA1:BA73C7627E18671AC7B9B15C97C10E39139D9DFC
                                                                                                                                                                                                                                    SHA-256:2B3DA2869265CF60F6022C8008D3096275EF95BB32982D9D3B177C0535AA9C90
                                                                                                                                                                                                                                    SHA-512:932E04B0CD2EC46F83A40AF0F632970F5E5A3238BDF2099D0E1E94144ACF6AB8A813BE630B26CA65F3EE3F79084B40CD2EF8B86C5B0738F3468669F32DBE5395
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):22992
                                                                                                                                                                                                                                    Entropy (8bit):6.042834718053559
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:384:VgvUdDwHxBc6TRuLdrQxfRdftPxrLsVEBy0EPXSRHoQ1nnmpNu9vn7IYikzG3:+vUdDwHxBc6TwQdrLVtHoQZnmpQ9vnEv
                                                                                                                                                                                                                                    MD5:21040D1A6BA96AF097B103D1370F2292
                                                                                                                                                                                                                                    SHA1:11001E78F6BB90A4367EB8443CA283B2C30E32A2
                                                                                                                                                                                                                                    SHA-256:949D6210E557322F52207EA2B5C4819CEC7C1FB9A05CE666416F5758958B4475
                                                                                                                                                                                                                                    SHA-512:B61A916363B2ECD8BFAEB86C3E0A33BB7BBDF5005822F3E507ACE54C54BCE643737F23C5FBC7E21FE90AB25B5DB01909AC9166F41DAC4D64B4665A1B80E08610
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):46544
                                                                                                                                                                                                                                    Entropy (8bit):6.046718187283352
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:768:zUcRHvuzMrqsweKL0Xo8yAsTiFid5mgNHTUSQz7Dppg07+RSUDeYiTP:5RHcGoYYZAsTF511UdfDppz7uSGe7j
                                                                                                                                                                                                                                    MD5:BD035ACF8FC7114B600299B017554F81
                                                                                                                                                                                                                                    SHA1:1B9A53322FA33819CE659DF1266723972F53378F
                                                                                                                                                                                                                                    SHA-256:779055C24FF675F25D41177084F272F973CA119D5D42C4212AA683EBF820B765
                                                                                                                                                                                                                                    SHA-512:D8F66A0F5C6204D297A3E95376F6D40087B8A66C3D75A7579153AC48E613B51A6951EADCD792EA310ABD2B39C7AB7FC8D004493E932D20D9EDD6E7624C39DD06
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):39376
                                                                                                                                                                                                                                    Entropy (8bit):6.020595067384482
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:384:5AUHlza1biXp4uBtiwfn78iiEDw1FHvnetVigrxcPmifqOV9Jo6zaLE4g3BfKOph:5Xa5WxBn78AunMbgHHzaY4g4WbZMYim
                                                                                                                                                                                                                                    MD5:B380931B77F676A6847BFA4F8E78C34A
                                                                                                                                                                                                                                    SHA1:02146EF9894A5A435BC2810E9B9B2B92B82D7E26
                                                                                                                                                                                                                                    SHA-256:B7C04AF79F896DB2A4D4CE2A00C3AF051A5324FEEB5F0B07AA402DCF1EE35B75
                                                                                                                                                                                                                                    SHA-512:3D68EAD7196B98A44060BCE642664B35E832FA84E9AE06CD9180760707365E071ED6B1D8F79F5AFFBC72954DFF80EEE0AAC1F4FC9D3C10351AA04A4B7334E3AB
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):39376
                                                                                                                                                                                                                                    Entropy (8bit):6.015034181724645
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:384:Pwidg1d/pKiwHYzp290nLtGzrqZiraCR9bzcFr/iucceuCBDsW9zG1Wf99G28aqt:yAiAOgzrMwaCRrnzqwOA6pVh6Yi+
                                                                                                                                                                                                                                    MD5:34B1DA7CA117E5FDA9BCE2A6AAF98314
                                                                                                                                                                                                                                    SHA1:D73C4AAFE435F8CD2C26B9EC14353FE5F86F6AFA
                                                                                                                                                                                                                                    SHA-256:4A47FBBB1DE2E7615100D687A2D158BE163158526B928FA72DB00629736BAAA6
                                                                                                                                                                                                                                    SHA-512:236E53A1A2008643136BA15C0DB44B7220E9E531D0E36698A5D35E37DE5E2E301975B825909F386E7C0FC6038518142EF1C5247C25FD5F9E0E67AC2EF027093E
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):33744
                                                                                                                                                                                                                                    Entropy (8bit):5.839451160426268
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:384:JLHCNcBN+hZTgaHuq/xWPd31XWHmp9XJUqVH4VAlpWUzQPE/nlTAP9bJjnuIYi0K:9HScDQZTgI/xnmUVAaxAlKb1njYib
                                                                                                                                                                                                                                    MD5:13B116BB01CDE46C79637A80B55B476B
                                                                                                                                                                                                                                    SHA1:EB8AF793D30F0E949980B96528B1947437BA0622
                                                                                                                                                                                                                                    SHA-256:C3E7216F42A2649937EAF9F004A461B5E921DEEA6D87108C54467FDA8623D805
                                                                                                                                                                                                                                    SHA-512:06D691A166B2FEA39B2D4CA6AAE5B0D1E819670D4E2670A7F3A545E4E6C1120CCF4E2F46171A7DCF693C380F6C896D7E11C794EEA0A37DE8F62964EBDEB69BC4
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):97712
                                                                                                                                                                                                                                    Entropy (8bit):6.058816063426917
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:1536:FbJb5xskXd3xb0krrxP9pU8ndLFPc6bpj55sJqsH5m3lyypgCu/XIjBqr75FMP3E:FbJb5xskXd3xb0krrxP9pU8ndLFPc6bs
                                                                                                                                                                                                                                    MD5:3A1CD045279B1558AACC3F5E5602C558
                                                                                                                                                                                                                                    SHA1:38E43122B3F57804F92119502982144407078B93
                                                                                                                                                                                                                                    SHA-256:6E2F285F4F9544953B6A195DA6B219ED94DD5ED2212B5E45E9EB8C82C2AEE9C3
                                                                                                                                                                                                                                    SHA-512:3F16273441B971418668BE2DA84661864F1C96269C70DFDE81B968D9ACFA0C0FB6146B6F9D40AD325F4D985D40A8737B8E82CA985F6B0CB3D14AFAB8FAA8422E
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):269776
                                                                                                                                                                                                                                    Entropy (8bit):5.993408021219005
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:6144:zgG3SVNhRL99RbtQZFT4ATfhrhtYTV9lLTmw8pgMBwyb6Yp/1c:p3YNhRL99RbtQzylXmw6e
                                                                                                                                                                                                                                    MD5:D2F7401EF7B8A24C5438C45AC022C628
                                                                                                                                                                                                                                    SHA1:3D00CF6300332B95D2C838C334E3D55D1D17E4DA
                                                                                                                                                                                                                                    SHA-256:C772654BE38413066074989F78AFA138CAE2604F464E39B116C88AA72BA1B6F7
                                                                                                                                                                                                                                    SHA-512:54AF6B5FC4B487366B7ED43EDC66BD27470460340AEF5F3E5849C1C82C028910C248CAF04A21C33A0CEB1816213C2B3C9F742F8282D9C07B7F93EC6FDE1E2D95
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):561616
                                                                                                                                                                                                                                    Entropy (8bit):6.195864538961728
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:12288:jGYJpQU2ZegV1jnQxZdlCG3pFb6KtXX2nrfSNT6v2q6w74:7QwgV1jnQxZdlCG3pFb6KtXX2nrfSNTf
                                                                                                                                                                                                                                    MD5:17F4A387094A6C7E5A86246BA044BB44
                                                                                                                                                                                                                                    SHA1:C90D4D425943F21301951CC3778E7C5B184880FF
                                                                                                                                                                                                                                    SHA-256:46394D69C1818F461FA4FAD966FFDA43FFDF9C294607976299E3AA70C323C716
                                                                                                                                                                                                                                    SHA-512:3BDB6E164470C5BBF5DC660F1A275FA82F5AF0FEB781D0DDE6832B92F5B59B0E2F9813624DD33CF6C40441D59315147F9294A88ABD932A6433D6DFBA93170B9C
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):302216
                                                                                                                                                                                                                                    Entropy (8bit):6.537959551271411
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:6144:UgQflmXU2jFqgqXf3sHwcmtpAGb2Fwz5UcEUcsoJ:nQflEf2yEXbs7cNc7J
                                                                                                                                                                                                                                    MD5:D8203AEDAABEAC1E606CD0E2AF397D01
                                                                                                                                                                                                                                    SHA1:EEF943E4369166A039DEE90F2D81504613D49CA0
                                                                                                                                                                                                                                    SHA-256:2F05A2C489C2D30A6CCA346D4CE184323D70EB4F5AFA6BED34D5800274444E57
                                                                                                                                                                                                                                    SHA-512:CE09543CBB799DB65C71EA9D050CEF99D702D9AF0CC4C7E346F97F616B091D0AB9A211197CAF7FD5A53AF1BA6CE913B2B121499D36CD43B499FD201376F4F3D6
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):24712
                                                                                                                                                                                                                                    Entropy (8bit):6.841088534064379
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:384:yqhacFbIIXti0hwwIvNT+WI4UxcWmD5sngm0GftpBjAElEaQHRN70ENAODKleMhW:yLc2aYJo4UxcDGngViBELZtz
                                                                                                                                                                                                                                    MD5:28D1551376C2B30981490321B8C18CF9
                                                                                                                                                                                                                                    SHA1:C025C4E0DC1576F3276C7C4CABE0BA1B25C8C7C6
                                                                                                                                                                                                                                    SHA-256:5FF6E535D0AB1D52A44D0EA3A72DC7F9024121BF254BEACBC64B60FAE7BC5C6B
                                                                                                                                                                                                                                    SHA-512:6C963659511DAA552AF51C6F0921125545EBE78B684691C7D66604DC5DF484353295449967787724DAFD3C3008C20576CCBEACF51C8A73602908C482668B44AE
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):59128
                                                                                                                                                                                                                                    Entropy (8bit):6.348080293484396
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:768:3ROu6y/b7cNjhLBaoeK7BzzZSzqye/a7sengq4/LfJmcs6TN1x8iEDGEB/Qbe:38ty/b7cNjhLBY0NcTuQ3EahGEBIS
                                                                                                                                                                                                                                    MD5:8246FE61081B4C23FFD9C45DD0E4B15B
                                                                                                                                                                                                                                    SHA1:02B3A0404BDFE06F0BCDDDEA28FF2FFF059D805D
                                                                                                                                                                                                                                    SHA-256:0BD24C729772169C995590D0FAA92FFD428A9E17C41845C614C4AFBA5B0C787F
                                                                                                                                                                                                                                    SHA-512:24A56590AD205EEE0862D7B20BBEE3FDF036573C646999376A908B9A95B81415C6A282F9D92E89363144603585F5D8DB0701C9B3AF0407728710E6821091BBF1
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):62184
                                                                                                                                                                                                                                    Entropy (8bit):6.299779414435745
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:1536:+EcBlJ8+HDTAwiufvwKdxL2sOkheu4jGEBY/:+XDTssIOBTOkMu4jGEm/
                                                                                                                                                                                                                                    MD5:D84515EE702052020EAAB048C0C221E3
                                                                                                                                                                                                                                    SHA1:176D597AD944EFD1774759F9032D86C8BA216813
                                                                                                                                                                                                                                    SHA-256:7A26E95E0F75E803ADB555ECFD02BCA59A533A4855DB6C861A3DEFB619DCE813
                                                                                                                                                                                                                                    SHA-512:A315215D0D8065E7922CBA3313D61C8FF8927B6D5A9D1E4A47BD5DB9F664A769844FB4D66FB1B7E2F39BC9E9B63E7E4693499B63CFD25C7989C300E001BC9C08
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):29928
                                                                                                                                                                                                                                    Entropy (8bit):6.631456069226432
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:384:bHAtlI1bvGA9iCsyeHp+AJasJxTTa+yubC6sOwiyuGny2jUG+NWQ1txfWoQ7q0Gz:bgtlIQbLa+5C6pwjnTOj1tx8iWQEBXSv
                                                                                                                                                                                                                                    MD5:D18C354A78688D6A3CF68A0567AF40E3
                                                                                                                                                                                                                                    SHA1:064A5FD748BC75F485196E1001C704AEF20B3F5B
                                                                                                                                                                                                                                    SHA-256:C419E3D51F9EEFB1F6FC0FB7CCF9B5AC5CC4B75FA75131D4AF0C74252914EB10
                                                                                                                                                                                                                                    SHA-512:99FCE5F32F6E1FDC854532EE82D355DC33C844C5DF491C1A01FAFF146BB9D1C8BADB889F2AE9E53A5CEE62411B86AFE83404434DDF6EF0A7C235DAD38A490F1D
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):64760
                                                                                                                                                                                                                                    Entropy (8bit):6.401535990700894
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:768:KEjWUFaYTSGt60JBL4AZ9W5RlB1FhAQXGT8xv635lWJz2Ek1ycx9NzsLTeHbWOCx:KRqVfoASWqGpMk1PzsGHNFmOEBkbQ
                                                                                                                                                                                                                                    MD5:B91887BFCA35E50CCE9F2D7102C88706
                                                                                                                                                                                                                                    SHA1:0607290006D8C4D92BD1233D7E061EE714D0D53B
                                                                                                                                                                                                                                    SHA-256:2C609BED3BBD2BE810471E31E36B12CB321A50FC2541E8F29C1F59C8CF869C41
                                                                                                                                                                                                                                    SHA-512:8D69D2E9329BEF2EA2767C69A04171ABDB3E7334F69519481ECCA50667F339C78187AD07BB41D116F554BE99733375712129D441EF7B6FC8D8F036EA81E2125A
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):90224
                                                                                                                                                                                                                                    Entropy (8bit):5.766540538995541
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:1536:Bnpx/t6mEPxK0904x9kZN9XNEgfpXaXr0iMJgBGILkDzVZl0+88niFF2G5m5uqji:ZpRD4x9kZN9XNEgfpXaXr0iMJgBGILkm
                                                                                                                                                                                                                                    MD5:F4AE87E527CEA833749B2B0742B30BF3
                                                                                                                                                                                                                                    SHA1:06DD3CEAAFC8FA82C8C479285B77DB847C4C60FB
                                                                                                                                                                                                                                    SHA-256:CD4D3CEA14692835DE3BE100748B0A487A72A072B3313392D0736914CBB418D7
                                                                                                                                                                                                                                    SHA-512:1348C946AE066510A6A6333B0EDA8413370088E90F20D239A8F1BA44C28DA6CE7AF130841EFB0158AD016701EF5158086A3A4607578B42FE0CF0DF80D09C7D62
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):141184
                                                                                                                                                                                                                                    Entropy (8bit):6.115495759785268
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:3072:IUGrszKKLBFa9DvrJGeesIf3afNs2AldfI:jBFd3/aFs2
                                                                                                                                                                                                                                    MD5:6FB95A357A3F7E88ADE5C1629E2801F8
                                                                                                                                                                                                                                    SHA1:19BF79600B716523B5317B9A7B68760AE5D55741
                                                                                                                                                                                                                                    SHA-256:8E76318E8B06692ABF7DAB1169D27D15557F7F0A34D36AF6463EFF0FE21213C7
                                                                                                                                                                                                                                    SHA-512:293D8C709BC68D2C980A0DF423741CE06D05FF757077E63986D34CB6459F9623A024D12EF35A280F50D3D516D98ABE193213B9CA71BFDE2A9FE8753B1A6DE2F0
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):185544
                                                                                                                                                                                                                                    Entropy (8bit):6.1143984102987075
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:3072:I8eNPCLiHSIZ8gcAx081w88sss9wNACJ1xZ7iOo7EM22PBdc:xeF5HSIwHACRVS9P8
                                                                                                                                                                                                                                    MD5:589E1B764C0DC53BF645054960626AB1
                                                                                                                                                                                                                                    SHA1:A5616537CA4E4AD5EB0BEB48863AE65E9EA91080
                                                                                                                                                                                                                                    SHA-256:1C7FA94DE5E727852934387B6B0094ABC16F660C6C91B38FB3F5BC580CFBDC1F
                                                                                                                                                                                                                                    SHA-512:DFD6924DD7BAF7EB1B8D3CC862FD7FB4A311818EE5684C7A85E3106EAD0F3DAE2A79956AAD9B5404C88A1D2607CAD627D0EFD729E9A9C1C1425B907884FBD1D7
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):115856
                                                                                                                                                                                                                                    Entropy (8bit):5.631610124521223
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:1536:nPOw0SUUKw+GbgjMV+fCY1UiiGZ6qetMXIAMZ2zstK/hV+sUwS:nWw0SUUKBM8aOUiiGw7qa9tK/bJS
                                                                                                                                                                                                                                    MD5:AAA2CBF14E06E9D3586D8A4ED455DB33
                                                                                                                                                                                                                                    SHA1:3D216458740AD5CB05BC5F7C3491CDE44A1E5DF0
                                                                                                                                                                                                                                    SHA-256:1D3EF8698281E7CF7371D1554AFEF5872B39F96C26DA772210A33DA041BA1183
                                                                                                                                                                                                                                    SHA-512:0B14A039CA67982794A2BB69974EF04A7FBEE3686D7364F8F4DB70EA6259D29640CBB83D5B544D92FA1D3676C7619CD580FF45671A2BB4753ED8B383597C6DA8
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):1263056
                                                                                                                                                                                                                                    Entropy (8bit):6.2763975065860915
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:24576:s39jNmNVJwpfPNkNPpKRkCYkEm1wXU0Rp/E7i5/mZ6zcr/7ZQI40bLFcs6AE:5U047r6AE
                                                                                                                                                                                                                                    MD5:B5CC6EDD50B049AF8E26A02AE99A4760
                                                                                                                                                                                                                                    SHA1:6CB154AFD2CDE5E269E5D88BF28655DA61DBFE16
                                                                                                                                                                                                                                    SHA-256:791694D3E460EDE3576D152DF278274F55D146B11BAEAC69E8F3A7274D761380
                                                                                                                                                                                                                                    SHA-512:816F31D5A730C60ABBE815608E3FC3A17846AB0B5B6E250325E713FBE11918C4F4C575FFBD40DC547D34CE77C809F42DB1D44172E65BDD7F379C01AC220DD862
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):16768
                                                                                                                                                                                                                                    Entropy (8bit):6.378509219645678
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:192:erLXx0hyLsbb3rxVj7WU2WLTYoW4GD5dHnhWgN7acWlbAkWD7DiqnajKs3WoHpZ:Ih06sbbVVPWU2WPY7dHRN77RGlGs3jJZ
                                                                                                                                                                                                                                    MD5:9A341540899DCC5630886F2D921BE78F
                                                                                                                                                                                                                                    SHA1:BAB44612721C3DC91AC3D9DFCA7C961A3A511508
                                                                                                                                                                                                                                    SHA-256:3CADCB6B8A7335141C7C357A1D77AF1FF49B59B872DF494F5025580191D1C0D5
                                                                                                                                                                                                                                    SHA-512:066984C83DE975DF03EEE1C2B5150C6B9B2E852D9CAF90CFD956E9F0F7BD5A956B96EA961B26F7CD14C089BC8A27F868B225167020C5EB6318F66E58113EFA37
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):182504
                                                                                                                                                                                                                                    Entropy (8bit):6.3000110481768665
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:3072:uR70lPIrilK+sVo9FpmRNxBUa0A9ZIQ9yI4CTb7QEgOYrpiwW3foZ:nlDGoX+NrU2j/rb7QEgOspKM
                                                                                                                                                                                                                                    MD5:B2DAC916651BC40094D96BC68BEC5434
                                                                                                                                                                                                                                    SHA1:3503B68DF7E21F4883C2141C0CF5BDB18603CE2B
                                                                                                                                                                                                                                    SHA-256:AC55053D9EEC9C15D87D8C4065B8426C2C854B86047725CFCD16C74347CF7EC9
                                                                                                                                                                                                                                    SHA-512:D7D18D39C69FB14AB33A18CE0958CA634237BA7FE641BEEABCE3AA9D87A3607D8567E9BA2FA3D08204CD1E7F9ED697736556E3BD972F8EB33BAD31BFC9ED2A4C
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):33048
                                                                                                                                                                                                                                    Entropy (8bit):6.6348573111740015
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:384:22R9PE8XHrMzTGavb05Mlw065eUGef8Y72tH7arW+JWBJosYHNfPfLeEdtpBjdY4:zRF1XAvGUYSbINc3YBbeEl7YR7Lh8J
                                                                                                                                                                                                                                    MD5:EF26E8A9829D19BF95A11DF63FA94815
                                                                                                                                                                                                                                    SHA1:602F4ABC80757ED2DD9CE1F5AA008ACC1633A180
                                                                                                                                                                                                                                    SHA-256:1F54718BBAB6E7A649E460F5097ED444F33452B1451841F67E2E194641D5FCCD
                                                                                                                                                                                                                                    SHA-512:36328F13F6F2A6FBAF3CDAB5C896C113E9419611468975D070B6DADD81342E038B299D42E9459558126627D4DCBFF61FEE7CB7ACAEC120B1FA01B231FB491B87
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):471240
                                                                                                                                                                                                                                    Entropy (8bit):6.018709191556267
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:6144:10ZRXyKkm4GosAHvWlrIUgHCVF0LU8D1hfLte/3icSSyv94dO0fwR67jpfd/kpPt:101k0oNvWlrIUgHeF0LDeacSSdV7v6t
                                                                                                                                                                                                                                    MD5:1982B5586DE16B532074211AB7DA1CA6
                                                                                                                                                                                                                                    SHA1:ED3E73BA41910D32618EBBB5E82BF9E74B51B062
                                                                                                                                                                                                                                    SHA-256:A47387C4A098DF3A57B967F1FF8604C7578F75B1481B2B969DF68DCEEF83ADFA
                                                                                                                                                                                                                                    SHA-512:CBFFC5946773805EC1AE610C222EC8ABC65E39D561BD7E8CC98DC86655C218B5BD0CC15896D1F63FB061E493D7E5B88F26CF41FB5FAA24C4C754ADDE3792FC2B
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):44496
                                                                                                                                                                                                                                    Entropy (8bit):5.907928794510542
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:768:cMazwAgR8/XJ665bKZdxuB8DCuL5enM7JxKjuMlZCZN+R0E7EwYi+1:c3wBccZdxuB8mQen6JxKjrlMZgR0EowO
                                                                                                                                                                                                                                    MD5:057E9697B5F62B8121A6960B68101E36
                                                                                                                                                                                                                                    SHA1:FEF051A0FE52CAFE04EE67FBA19C3D6306311646
                                                                                                                                                                                                                                    SHA-256:D901C3A6E2ADAA67C9F2269C331835ABDD0D53508848D869F6497F3F8D994741
                                                                                                                                                                                                                                    SHA-512:F6F90617B594BE92C73BF3C8C548EDA6EC935AF2195ED273A1B4BFFCD14BF72135B1029B1406206C70B35FB6A6B44945EBC5984141140ED40E43D47DD222EBF5
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):96208
                                                                                                                                                                                                                                    Entropy (8bit):6.508001444476927
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:1536:Pz2pqhm1MxJ1RFN3/l9bbwMh9j+7SeufILVj5IRb7gLtcw5uVfrp7me:rOqhmuJ1T5P9mG7Ip+7Ytcw5u5rpye
                                                                                                                                                                                                                                    MD5:CCABC7F505EF4A731B688FB63BD5AA7B
                                                                                                                                                                                                                                    SHA1:F8DEEF02B0FDD9024D289FBBA27789504CAA7D53
                                                                                                                                                                                                                                    SHA-256:E381382CC58C1E318C938D81E3580D852A419268402682FFE7BA03B0898838DC
                                                                                                                                                                                                                                    SHA-512:FE04412F46724E6C2E0FE2461B55F5180A9BB27AA4BD8B508A4719439BA75FB7B08A5222F9804ADCC999B0FB243689D2FD91D5BBEE11B4F23C8ADAEC5E259804
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):27600
                                                                                                                                                                                                                                    Entropy (8bit):6.931218014582907
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:768:TyA33lsY2krdufyc4RscPEK8pJEWkbfkrYiF:9KLkrd+yc4Ccpihr7F
                                                                                                                                                                                                                                    MD5:B13D2D893418915936EF4F5CE9CFC003
                                                                                                                                                                                                                                    SHA1:34B4E73BA2354650D599734AC3EA55B378D980B9
                                                                                                                                                                                                                                    SHA-256:BBD2D3B8ADF9C5F2890AD621035944598C7EE8AA4459068B5CC396B0525861BF
                                                                                                                                                                                                                                    SHA-512:AC52C1F14C721F068B7C4ABCA264A8FFFFB478E67C7156A5A41D5CDB366F80DF40B2A8CB685AB4E52AAA28AE6333E71B15D6D1AEA9685CE20626BCEBAC44F502
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):18896
                                                                                                                                                                                                                                    Entropy (8bit):5.989423135377238
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:384:uppWn7uLcY+nraJoeIZscRqgMIoMiXpWESfMK2YIYiHw:uppWNrcqM9M7iBYiQ
                                                                                                                                                                                                                                    MD5:F9EE632EEC0BD1AE4EA5D00E758202AE
                                                                                                                                                                                                                                    SHA1:E2802CF0DC4ACADB00922C9B6C83FCB2FAAF6446
                                                                                                                                                                                                                                    SHA-256:B0531EAC24F4B82F0F362E8465B1937377A7185F00BFE22D88FCAAAE86011B78
                                                                                                                                                                                                                                    SHA-512:93432AA2B69EF903C698172AC254A952F81463F62D4C65E10FEEDD5A48162A6D4ECE2163A3224DADA776B52527D59FB174FA08D6F346B931DCCC541BD4583CAC
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):18384
                                                                                                                                                                                                                                    Entropy (8bit):5.856563911716489
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:192:KDruceycBXCQheZ/6FHOlvp+NxIrM5jzYpuq74sLgZJj9cVtBhLvS+CIYiYF8d76:KJXcBS3fDgxWGOuqPLsfcVhzSRIYiluF
                                                                                                                                                                                                                                    MD5:04BF958F04BF85550BAC585CB7A8B37E
                                                                                                                                                                                                                                    SHA1:2FB3CA7761D782A156D85AE03DEC27A1B1107B88
                                                                                                                                                                                                                                    SHA-256:90F21049FC4674124262BCC0837A0E01BDD22CA9EC76FB1D7D083F9AB09F3AC6
                                                                                                                                                                                                                                    SHA-512:0ED069335339537EF4C133141083127F13754EB1D64EA007282E0297B1C07CE0C6FD9ED04C04E9C9EF7FCF05D75A226871839C32012D9ECFF749CEB6326B9394
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):14288
                                                                                                                                                                                                                                    Entropy (8bit):5.905516185568662
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:192:twA3K5Ls94L12ZjdOYqGRcLVJwAZojQ4nIYiYF8d7MGCZfz:twA3Kz1ujUZGQb+jQSIYiqZfz
                                                                                                                                                                                                                                    MD5:BAD3264EFDE055ED0AF41657478AA77E
                                                                                                                                                                                                                                    SHA1:78C59CCE8E3A1322DB68CAC2D5734FE24A9A2571
                                                                                                                                                                                                                                    SHA-256:06C00AB21477BD8B2509565790DEC345D58CDBAFA059F433DDA6A7FDF9DA78A6
                                                                                                                                                                                                                                    SHA-512:5F84D5B98BEE0A81324432C61D5AC9400D7F3E3391C60F1F77C55C37B1EC85CBA51DA2750E78770D9F12908BAD7151A9C94420596840430FA4B0B05B658AE547
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):15312
                                                                                                                                                                                                                                    Entropy (8bit):5.939459847131649
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:192:1CzIPzby1TydvSAfb/QKoJjC2+BaVIgjOa3UZIYiYF8d7MGRMLdS:uTwKA/QKl2+86gjOUAIYipMLI
                                                                                                                                                                                                                                    MD5:4274C8E212B43D44A16164360D2FEB54
                                                                                                                                                                                                                                    SHA1:C9B0093C17F2D8AFD0E4863B92C37AD2DA724A69
                                                                                                                                                                                                                                    SHA-256:8DE333C25101F2C6C7108EA22E9CE821420D1BFD724D7AE6DFCED87C5100CFFE
                                                                                                                                                                                                                                    SHA-512:3BCF95B72BF8CF83195F8E8CF3A1582101B9D93D439298971872C73BB367999DE60DDF6943213357C76215E01581D48B5CF1C424FEB106ECE48F4AEE7C900AC0
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):158160
                                                                                                                                                                                                                                    Entropy (8bit):5.30299387972817
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:3072:NyB9w5fqZ7XEzPx6zmljzFuLo6XVwKUjrhb2Jzu3SMk05bAsIeY+ERnMfigXFpQA:A+VGkZ5S7b85ug
                                                                                                                                                                                                                                    MD5:6D55A28AE54C754038B030BD9FABAB40
                                                                                                                                                                                                                                    SHA1:678211A5B15A7B632B836D18C01DDDEB6AF45C57
                                                                                                                                                                                                                                    SHA-256:B4595FEC5422AC46EFFD53180B0465440AA16C1D876535291EF58EC1D6CF683B
                                                                                                                                                                                                                                    SHA-512:62487D43476F5DC9646A8A12B5F7776C96293128F26DA49604820D8D3FB5F9FD57AF322B0A9C0F518DC250B8355468C14AE223B634E1723A609D0FC83828DA25
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:7-zip archive data, version 0.3
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):1361022
                                                                                                                                                                                                                                    Entropy (8bit):7.999843112825327
                                                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                                                    SSDEEP:24576:E1QN+fUubm1u7SIUBls5EBVelztZ84Lxt5W3ixbmkKqcGFeVApd:EO8bmM7UBWEBVqL9tcMmefd
                                                                                                                                                                                                                                    MD5:62C9F29FBF1A67E5CC791CA4BEC16DE6
                                                                                                                                                                                                                                    SHA1:0276989FAC2E0C03A82AE6E91B77F595FB141146
                                                                                                                                                                                                                                    SHA-256:68C2940DB40E456BDE889815F1EA8CCF610ED1785B1D014B69ED222107A1D590
                                                                                                                                                                                                                                    SHA-512:1B68FBFCDD79E3F63920C20745E46130A191F068EEEB3DF119A2E486AA9EDEE136B342B6EC8DCD8E103A9B75E39ED6054E6A522E292FBE968B667373E70C2F77
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):557672
                                                                                                                                                                                                                                    Entropy (8bit):7.998165329147359
                                                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                                                    SSDEEP:12288:aZWHsjfEv+kADwNli1PV1dL+S9enQ29ii7zUs2cKS3JAL/ljffXG7doSj:aUHsjfEv+VDci1PPtFQntNEgKnL/Qhom
                                                                                                                                                                                                                                    MD5:E3930173B817D04032B0B1E7BB157117
                                                                                                                                                                                                                                    SHA1:33E62757FB314584281240380AC387DCC0C628AE
                                                                                                                                                                                                                                    SHA-256:3E4CEE79C56F673E4B6C19D6173FA35006816846592E38C03635E1F32ED7691D
                                                                                                                                                                                                                                    SHA-512:E30771871606FAA8BE624BBF1E6B84B3CBA9A91B21D07C2CC7BE6E9167CAEB8B5B05A819E0749CE6821C390F900DD665CD787B5C6504CB468B293AE734F39676
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):212
                                                                                                                                                                                                                                    Entropy (8bit):4.515636898105823
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:6:Lghr5ASoMcL8bb5dT7084Ae4SWG4Pe+LIUyPPXzo0/:LGr5AGcL8R97084ABnPLKXzog
                                                                                                                                                                                                                                    MD5:3162BE7180BE485B393DC5CA1A5EA09E
                                                                                                                                                                                                                                    SHA1:B1DD51C365A9658D7049616C83A0084310F634EC
                                                                                                                                                                                                                                    SHA-256:280581CCFD2BF42FDF69C716416A6D3DE5947368EFCCAEE69D57DE1B1FCD32BA
                                                                                                                                                                                                                                    SHA-512:B74E3843BABE0E1634AAD52822473F4981805812922CDB6226FCA30BCEBA5FEB1C63539790FBE44167F28791300F1101C33FF11C36EBBAB28EF96F306207818E
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Preview:.#ignore thumbnails created by windows.Thumbs.db.#Ignore files build by Visual Studio.*.obj.*.exe.*.pdb.*.user.*.aps.*.pch.*.vspscc.*_i.c.*_p.c.*.ncb.*.suo.*.tlb.*.tlh.*.bak.*.cache.*.ilk.*.log.*.dll.*.lib.*.sbr.
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:Python script, ASCII text executable
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):130982
                                                                                                                                                                                                                                    Entropy (8bit):4.470954269287947
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:3072:GE7gH/vRRKzxFq77y7mkVTZbPFz1tQBr2wsSlE:h7gH/vRRWqHRkVNbPFz1tQB6wsSlE
                                                                                                                                                                                                                                    MD5:152D8F45E3F417B611047788EDA24444
                                                                                                                                                                                                                                    SHA1:EC25DC9D78B70A829DA9C854403E023B23722817
                                                                                                                                                                                                                                    SHA-256:B34F2E7968DDBC14C6C5AB0FD547F226EE51C1F9E865A2BD7710FF93B3716D7D
                                                                                                                                                                                                                                    SHA-512:8A92DD22B0A1D561696158EBB95E59564BF8A664ACFDC15A7D595F21DF512067016520220AA5FA29DDA5923C9FE03BC7DF58DAE3929381F82250C1AD97FAE905
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Preview:"""commands to support generalized Driessen's branching model.""".# License GPL 2.0.#.# hgflow.py - Mercurial extension to support generalized Driessen's branching model.# Copyright (C) 2011-2018, Yujie Wu and others.#.# This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License.# as published by the Free Software Foundation; either version 2 of the License or any later version..#.# This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty.# of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.....import os.import sys.import copy.import difflib.import mercurial..from mercurial import util, extensions, cmdutil, error, config.from mercurial.node import short.from mercurial.i18n import _....#######################################################################################################################
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):150
                                                                                                                                                                                                                                    Entropy (8bit):4.145034529180036
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:3:xwLQpdKHPb4AYHTbOTSWG4PyvP+LGbUvzWTxTbHvPLTLJZvzoSH/:+QGHj4Ae4SWG4Pe+LIUyPPXzo0/
                                                                                                                                                                                                                                    MD5:2F677C0F749D67C87E143E76C2BE2614
                                                                                                                                                                                                                                    SHA1:33E269D0A7DFED8BEA4AEEC01DFEC0FB529A7294
                                                                                                                                                                                                                                    SHA-256:5BA0D5462531DF2D7838A802FAB0DA4C7E01AAE92328E9C49F1E4A92673021A9
                                                                                                                                                                                                                                    SHA-512:01D19B22967C82781EDF626129F63E995C95906D98570E3D4A5F67DB2F34D10C54977601512FDE93E19CDC50A467F1BE7ADFBFD00D3C9F04758FE9A055D63AA8
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Preview:syntax: glob..Thumbs.db.*.obj.*.exe.*.pdb.*.user.*.aps.*.pch.*.vspscc.*_i.c.*_p.c.*.ncb.*.suo.*.tlb.*.tlh.*.bak.*.cache.*.ilk.*.log.*.dll.*.lib.*.sbr.
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):3902
                                                                                                                                                                                                                                    Entropy (8bit):4.998060925334064
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:96:DTLquN/6Fj3EX9fBOrYJarYJtAYKn3V3zPSTjMegBxSRO4:jquQFoX/Orsarscn3V3TQjM7BqO4
                                                                                                                                                                                                                                    MD5:7356E0CC412F38BB5CD7E07C3C36E79E
                                                                                                                                                                                                                                    SHA1:60C75B651F7863A2CA8DCE334ED6A1F52C5D79E7
                                                                                                                                                                                                                                    SHA-256:EDC7B0B278C208C74CB117DD719D8E500F64EFFD4B05D5B53152EBB704408593
                                                                                                                                                                                                                                    SHA-512:735A81A33B976835DBA1A1EA7E0CA5375A545AC1C02F8DFFAC2F550ECF570D6AAA5AE41DD22153B64755404674C106690E2D37ABDBD9B2BDB90AA80017B4B851
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Preview: 7-Zip. ~~~~~. License for use and distribution. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~.. 7-Zip Copyright (C) 1999-2018 Igor Pavlov... The licenses for files are:.. 1) 7z.dll:. - The "GNU LGPL" as main license for most of the code. - The "GNU LGPL" with "unRAR license restriction" for some code. - The "BSD 3-clause License" for some code. 2) All other files: the "GNU LGPL"... Redistributions in binary form must reproduce related license information from this file... Note:. You can use 7-Zip on any computer, including a computer in a commercial. organization. You don't need to register or pay for 7-Zip.... GNU LGPL information. --------------------.. This library is free software; you can redistribute it and/or. modify it under the terms of the GNU Lesser General Public. License as published by the Free Software Foundation; either. version 2.1 of the License, or (at your option) any later version... This library is distributed in th
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:HTML document, ASCII text, with very long lines (948)
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):9575
                                                                                                                                                                                                                                    Entropy (8bit):4.6649555639292535
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:192:YFQRWbVolUTo1EQFNfFE6GLGGV2p1CVQhggoHqxZJbUMwuM:YFfKUk1pHHHvjbZzRM
                                                                                                                                                                                                                                    MD5:5E67BFAB57B8DD6581587F3087344792
                                                                                                                                                                                                                                    SHA1:88174C121423684B81FB43DC82EDB8B21F20177A
                                                                                                                                                                                                                                    SHA-256:9446C30BB57BE8531DC26277D8E6049203962255CC842E1EF103B8D574B815A1
                                                                                                                                                                                                                                    SHA-512:CFD618708C62B855852D1C85889D3F8A78D2131D011FA683343C0BEE15DC47D9851313E2026AE2F23CF22A4E646C9D0D38F8587DCF169997CD7CFF6A1B9D286A
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Preview:<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" class="Chrome">. <head>. <title>Apache 2.0 License</title>. </head>. . <body>.<h1>Apache License</h1>.<p>Version 2.0, January 2004<br/>.http://www.apache.org/licenses/</p>..<p>TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION</p>..<p>1. Definitions.</p>..<p>"License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document.</p>..<p>"Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License.</p>..<p>"Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%)
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:HTML document, Non-ISO extended-ASCII text
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):13812
                                                                                                                                                                                                                                    Entropy (8bit):5.092838606361305
                                                                                                                                                                                                                                    Encrypted:false
Malicious:false
Preview:?<html>.<head>.<title>The Code Project Open License (CPOL)</title>.<Style>.BODY, P, TD { font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 10pt }.H1,H2,H3,H4,H5 { color: #ff9900; font-weight: bold; }.H1 { font-size: 14pt;color:black }.H2 { font-size: 13pt; }.H3 { font-size: 12pt; }.H4 { font-size: 10pt; color: black; }.PRE { BACKGROUND-COLOR: #FBEDBB; FONT-FAMILY: "Courier New", Courier, mono; WHITE-SPACE: pre; }.CODE { COLOR: #990000; FONT-FAMILY: "Courier New", Courier, mono; }..SpacedList li { padding: 5px 0px 5px 0px;}.</style>.</head>.<body bgcolor="#FFFFFF" color=#000000>..<h1>The Code Project Open License (CPOL) 1.02</h1>.<br />..<center>.<div style="text-align: left; border: 2px solid #000000; width: 660; background-color: #FFFFD9; padding: 20px;">..<h2>Preamble</h2>.<p>..This License governs Your use of the Work. This License is intended to allow developers..to use the Source Code and Executable Files provided as part of the Work in any..application in any form..<
Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
File Type:PDF document, version 1.4, 17 pages
Category:dropped
Size (bytes):611147
Entropy (8bit):7.778764740257506
Encrypted:false
Malicious:false
Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
File Type:HTML document, ASCII text, with very long lines (759)
Category:dropped
Size (bytes):1720
Entropy (8bit):5.270020849726382
Encrypted:false
Malicious:false
Preview:<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" class="Chrome">. <head>. <title>Gong WPF Drag/Drop - License</title>. </head>. . <body>..<h1>New BSD License</h1>...<p>Copyright (c) 2009-2011, Gong Solutions<br/>.All rights reserved.</p>..<p>Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:</p>..<p>Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer..Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution..Neither the name of the <ORGANIZATION> nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission..THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND C
Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
File Type:HTML document, ASCII text, with very long lines (447)
Category:dropped
Size (bytes):1493
Entropy (8bit):5.240527118703829
Encrypted:false
Malicious:false
Preview:<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" class="Chrome">. <head>. <title>PuTTY License</title>. </head>. . <body>.<p>PuTTY is copyright 1997-2012 Simon Tatham.</p>..<p>Portions copyright Robert de Bath, Joris van Rantwijk, Delian Delchev, Andreas Schultz, Jeroen Massar, Wez Furlong, Nicolas Barry, Justin Bradford, Ben Harris, Malcolm Smith, Ahmad Khalifa, Markus Kuhn, Colin Watson, and CORE SDI S.A.</p>..<p>Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:</p>..<p>The above copyright notice and this permission notice shall be included in all copies or substantial po
Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
File Type:HTML document, ASCII text, with very long lines (412)
Category:dropped
Size (bytes):2935
Entropy (8bit):4.619476068298701
Encrypted:false
Malicious:false
Preview:<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" class="Chrome">. <head>. <title>WPF Converters - License</title>. </head>. . <body>.<h1>Microsoft Public License (Ms-PL)</h1>..<p>This license governs use of the accompanying software. If you use the software, you accept this license. If you do not accept the license, do not use the software.</p>..<p>1. Definitions</p>..<p>The terms "reproduce," "reproduction," "derivative works," and "distribution" have the same meaning here as under U.S. copyright law.</p>..<p>A "contribution" is the original software, or any additions or changes to the software.</p>..<p>A "contributor" is any person that distributes its contribution under this license.</p>..<p>"Licensed patents" are a contributor's patent claims that read directly on its contribution.</p>..<p>2. Grant of Rights</p>..<p>(A) Copyright Grant- Subject to the terms of this license, including the license conditions and limitations in section 3, each cont
Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
File Type:ASCII text
Category:dropped
Size (bytes):17991
Entropy (8bit):4.690315028134585
Encrypted:false
Malicious:false
Preview:.. GNU GENERAL PUBLIC LICENSE... Version 2, June 1991.. Copyright (C) 1989, 1991 Free Software Foundation, Inc.. 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. Everyone is permitted to copy and distribute verbatim copies. of this license document, but changing it is not allowed...... Preamble.. The licenses for most software are designed to take away your.freedom to share and change it. By contrast, the GNU General Public.License is intended to guarantee your freedom to share and change free.software--to make sure the software is free for all its users. This.General Public License applies to most of the Free Software.Foundation's software and to any other program whose authors commit to.using it. (Some other Free Software Foundation software is covered by.the GNU Library General Public License instead.) You can apply it to.your programs, too... When we speak of free software, we are referring to freedom, not.price. Our General Public Licenses are design
Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
File Type:ASCII text
Category:dropped
Size (bytes):1084
Entropy (8bit):5.109478866355557
Encrypted:false
Malicious:false
Preview:The MIT License (MIT)..Copyright (c) 2007 James Newton-King..Permission is hereby granted, free of charge, to any person obtaining a copy of.this software and associated documentation files (the "Software"), to deal in.the Software without restriction, including without limitation the rights to.use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of.the Software, and to permit persons to whom the Software is furnished to do so,.subject to the following conditions:..The above copyright notice and this permission notice shall be included in all.copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS.FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR.COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER.IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT
Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
File Type:ASCII text
Category:dropped
Size (bytes):1055
Entropy (8bit):5.095374471162915
Encrypted:false
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Preview:Copyright (c) 2012 GitHub, Inc...Permission is hereby granted, free of charge, to any person obtaining a copy of.this software and associated documentation files (the "Software"), to deal in.the Software without restriction, including without limitation the rights to.use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of.the Software, and to permit persons to whom the Software is furnished to do so,.subject to the following conditions:..The above copyright notice and this permission notice shall be included in all.copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS.FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR.COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER.IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN.CONNECTION WITH THE
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:HTML document, Unicode text, UTF-8 text
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):2786
                                                                                                                                                                                                                                    Entropy (8bit):5.368696936260072
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:48:m1XL3l4xS2nPOhTdTdCaJ0lxEs21KAHOs5exm3ogF5AruL2PQI/wB8j:IV4BmV94upRHToHuLW4BE
                                                                                                                                                                                                                                    MD5:1ADCB1C43DABACDC8608C313B2519A8E
                                                                                                                                                                                                                                    SHA1:0E5EE9EC5AFEFDEFBDF7A2DE2250CC8944BDA3EA
                                                                                                                                                                                                                                    SHA-256:93CB110F220850CAF2C7815E35DADA1195D3E6400DC2A63CB80C91C77FF3DED3
                                                                                                                                                                                                                                    SHA-512:8594C6964DB11A5972B10E58267AC024FA76E25351C5FB0873917AF30C62A231F2965FDA441AC1E8DD63D48778975E1AF939E07ABCB4D53C4EDBEBB101F73F11
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Preview:<!DOCTYPE html>.<html id="home" lang="en">.<head>.<title>MIT License</title>.<meta charset="utf-8">.<meta name="viewport" content="width=device-width, initial-scale=0.7">. .Welcome fellow open source developer. This project is here for you to.link to if you're like me and keep forgetting to include the .MIT-license.txt file...Fork this project and send a pull request on:.. https://github.com/remy/mit-license..By adding a new JSON file to the users directory, it will yield an .MIT License on a CNAME, for example: .. { "copyright": "Remy Sharp, http://remysharp.com" }..Means visiting http://rem.mit-license.org/ shows "Remy Sharp" as the .copyright holder. Namespaces will be on a first come first serve basis,.and I'm open to folk joining the GitHub project...For more options (including linking and license version targeting) .see the README in the github hosted project...Hope you find this useful too!..- @rem..-->. for HTML5 el styling -->.<script>document.createElement('article')
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):257631
                                                                                                                                                                                                                                    Entropy (8bit):7.996025382408435
                                                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                                                    SSDEEP:6144:Qzeiv/YYHecoZEQnUSz32Zfn1eQS2by+UnEkf:e/YYHN6nUoEP1eQ5byOS
                                                                                                                                                                                                                                    MD5:DBE4E6034BA92BD39D85B9B396749531
                                                                                                                                                                                                                                    SHA1:5937F2336806FA6A97DABDEF1912D630F0F85220
                                                                                                                                                                                                                                    SHA-256:4F1185EF9173E703CB4E115BE007E133991A20255A8C240A5A73FEB913EBC9C2
                                                                                                                                                                                                                                    SHA-512:89937DA41469B9881B4891A6EBD7D176329141306F7065097DC811526F85596C33A9B06D3167E9249DC6F932E3331F153272596D103C4013A33218BF1AD73A49
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):157648
                                                                                                                                                                                                                                    Entropy (8bit):5.292543005137159
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:3072:syBZpXgNT3Dj3zdTueER2BCw00c5tQFcoa5E47a4juowOhV4NB9MuJyYpKfavXxv:lApy9ivBKW//N68we4xrlQ
                                                                                                                                                                                                                                    MD5:7AF95BEA5F8ED6D1F23E3A9AC1584259
                                                                                                                                                                                                                                    SHA1:FA13EC4ACD48FAA189E75F4DD355DD9084CE7EB0
                                                                                                                                                                                                                                    SHA-256:1BA462791F8191C2F6C79B96D47E14FA18CBA6EF2750B393AE44C74D0470D29B
                                                                                                                                                                                                                                    SHA-512:E0FE947979590F54DBCC3AECC0856E2B56B0D39BE64563810CE9E61E31B79708983ABECC5666E39FF6CDA4C41A4545884E86A3E81E3DFF4E9EEDB57E6B2A7C89
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:MS Windows icon resource - 5 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):103428
                                                                                                                                                                                                                                    Entropy (8bit):4.776091477468276
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:768:6/fLpKDDoSOPmBhKnm0OLoJcO1+rE872E+BFlOmCdXQwA:6/ftKDDTOPRO61+o7DP
                                                                                                                                                                                                                                    MD5:842650927338C6FEC0D9A9D7D4B80D49
                                                                                                                                                                                                                                    SHA1:352F811BB5BFF444AE523E81D46D6FA756D17747
                                                                                                                                                                                                                                    SHA-256:BC8E44621E33914A0016BA06BBA657919CCD0270C118307FCE3491A2FDE1538F
                                                                                                                                                                                                                                    SHA-512:AA052C4D80FE96295D2FD2DE49D7307B42AA03225F04AF84260B19DC7A5DB3E6C76166657A5142BFB3545B3156B7033910DE09AC29C9C2F71B992867472DAC4F
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):2631
                                                                                                                                                                                                                                    Entropy (8bit):7.805423293329732
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:48:Jppo+JAQQbdmUd4N10tc5bRk9wPrdjxCM10wwEy83m1zMy:PCsXmc5bm9lFYmVMy
                                                                                                                                                                                                                                    MD5:B76619A32D6AEC83B4CBB579C0404565
                                                                                                                                                                                                                                    SHA1:2D604CBDE4CA199674AE1918F4CF681727F2705F
                                                                                                                                                                                                                                    SHA-256:C49AEE62874DEA9DF423DF6C47315C50FF165BCE345B84E47A179788861EBD81
                                                                                                                                                                                                                                    SHA-512:D31F7ED0F9E9658C4A5E2E752BA7A4DBE159F37880E7E9F9055B45649D3DBA8BCDCFD6790E2235BFE3DE257B8B5FEEEC719433767D5A1861AA9C456B0FFDCC9B
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):141264
                                                                                                                                                                                                                                    Entropy (8bit):5.255877438955042
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:3072:DIXcmZmbsHElnkqH9lzmP6fQpOj4cUZcOqpWKtR8dDj4NO9D7M0wUskJMHs8oycI:cXZW3AyDs4Se
                                                                                                                                                                                                                                    MD5:2897797DEDD49C3F0602B8564D91BE23
                                                                                                                                                                                                                                    SHA1:B3C5EA8EBD0C91D25AE1BED0E220E00F211F8325
                                                                                                                                                                                                                                    SHA-256:1227F067DE6FF0FAF5C706A1C362513B4514A09C10A194E6D58C29FB2926C37E
                                                                                                                                                                                                                                    SHA-512:7ACF3348AF8A58AFA09E69DA7CA16AC35E79E28409FF99AF80A2F2C9E5A15AEE85CB841C27CA42D39DFA72A590158922913C018DF20CDE26E3C8E1B4539630BB
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):146896
                                                                                                                                                                                                                                    Entropy (8bit):5.2055732454919506
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:3072:wIXcQPdyZ533RKrgnlisWd7uBZHTcNAQvffDVS4b2ljDEzrDd1DOV4hIEYqMF2xf:ZDfPhIEYqMF2xQEqLJ137K/Jiu8YmdKl
                                                                                                                                                                                                                                    MD5:3271D2501E5F6A4A628A784A19E9E26E
                                                                                                                                                                                                                                    SHA1:9C0085F44D08EF41117475457FABCA25F74DB51C
                                                                                                                                                                                                                                    SHA-256:69B0A37BA2A744F054E7CDB3B3451C7E6B236ED8B3B20821922C00F5A57B3277
                                                                                                                                                                                                                                    SHA-512:1390266A63421B7B1643E01CBED5D61E6F52B8E06A5C8B4D3F42A5D860F80EAA20D82465099A9A4DA5F56FFDD34A27A014EF33E40356442BFEB2B3C08A574A83
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):168400
                                                                                                                                                                                                                                    Entropy (8bit):5.81672461154105
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:3072:9yBqq8xAtib3lKCaxH+PEI2xM9e1SA/gDdqymm3QU+PWbNDqDNsEecZyjvFUmN/8:w70X8KZQQRUV
                                                                                                                                                                                                                                    MD5:8D9C0788B6E8FE11C5D446069A2517E2
                                                                                                                                                                                                                                    SHA1:29AE8126F8A4FAA72ADFF9029E70F891E38D7DB1
                                                                                                                                                                                                                                    SHA-256:28A190AF088F9F88CB16226BE0A480D7AA09F91692491F3FCD7124BBB39CFE53
                                                                                                                                                                                                                                    SHA-512:0B94B872D9220E70507D70BC1AFF23C91A0D93B180ADDDD703F1B7AB86509C26742D5A5B930E040E1CEFE6F8DB6CE764F97007B81D4D4D34E3815B311F2CC9E7
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):152528
                                                                                                                                                                                                                                    Entropy (8bit):5.848918810005883
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:3072:YyBigGJxe7UUpTRWaMq0KoeOMreKRboPx06tFeAX0QQwnNMLmXplpFsiGucTjV96:h2nkuyJ9wB6m805iTI
                                                                                                                                                                                                                                    MD5:C917C00413B98D240AA6DF2CE9FE67CA
                                                                                                                                                                                                                                    SHA1:081ECCC8C16E7073BB09151AEAFC8B2813794E19
                                                                                                                                                                                                                                    SHA-256:42CCE556E2084CD62E262EC4D22DAE6DB64819CCCF4418C10F4C95970149AB1B
                                                                                                                                                                                                                                    SHA-512:C6E43C0B550A9546E2E04B79D5D08EF57F3469C401E14E18EB878096F577D0E6BC54958D370683F6841856CB07BDE0200C82B2E4FB3891017F4D8323F9199A30
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):1213392
                                                                                                                                                                                                                                    Entropy (8bit):6.536237663598969
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:24576:MIPKlNcIyF7rXr5YtlJ+x1j67MgML8+JWzsdxzA/6NdUnZTrfkvpf:zYch5Yte1oMfg+JWixzA/6NdSZTA
                                                                                                                                                                                                                                    MD5:57DD23865525A7D2FF7C06C735C0FBD2
                                                                                                                                                                                                                                    SHA1:50CAAEDFD28D7FF15F87B2E375D400BFA9DF3B0D
                                                                                                                                                                                                                                    SHA-256:C7D8C85499ACD9361AF237CA4EE0B682E8AC847D8AE6A66ED084D27C08D5AFE8
                                                                                                                                                                                                                                    SHA-512:748C6870B0C3FED18FE87AD247C1A756035C0D4BB81E087358C364F546FD899F777F41C87723835ABD09BCA3985B6D64789C817F8CA853744E12B564E7224CBB
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):945104
                                                                                                                                                                                                                                    Entropy (8bit):6.786965548096078
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:24576:hRA4OgnL8SX1dIaaDxR7FsQmyu2gxIZETnTGo:vVFdaDrczrTKo
                                                                                                                                                                                                                                    MD5:ED26D0D05EF6FAF10D2A2B8A09CAD353
                                                                                                                                                                                                                                    SHA1:A68FA14FD0A9760720297091832BED642C6A8977
                                                                                                                                                                                                                                    SHA-256:D60E651212C9098A7EBC77B91052A86EB385EED476DA97C8BBE01049DCBE5ED2
                                                                                                                                                                                                                                    SHA-512:852B7F2F106B38E2CFE54EC0267FFE3112D5B041D42FDA526FD9E371AEAE9E400936B24C2FEE56F1C94BF7118278507A4239F5A5ECF1EBDAFABBF80D2C87C00B
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):2301
                                                                                                                                                                                                                                    Entropy (8bit):4.870244075310123
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:48:OpcgHeCNaJ2qr8uGCep+HeCxpLKJ2qceWWpGsSsk:InW8zXUVaWWy
                                                                                                                                                                                                                                    MD5:62A8AD132B4E01B2A46C616156FBE512
                                                                                                                                                                                                                                    SHA1:6A647A9FD07A02C67232CC4F08EF65083C5CD074
                                                                                                                                                                                                                                    SHA-256:B216ACD4330D922ABBAE5031DF946AE6A8BD7D3443CF2A677DF0E5D3A75FB108
                                                                                                                                                                                                                                    SHA-512:00E31F650511CCB2DB9AF2FDB9A648D0B797AD0C2DB137DE341CC676A5B005CC0E951CDAA25C7398D5C5683632026D5195AF421F42FB8AABA827E46829FCAC9B
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Preview:<?xml version="1.0"?>..<configuration>.. <configSections>.. <section name="log4net" type="log4net.Config.Log4NetConfigurationSectionHandler, log4net" />.. </configSections>.. <log4net>.. The DetailsFileAppender writes all messages to a log file-->.. <appender name="DetailsFileAppender" type="log4net.Appender.RollingFileAppender">.. <file value="%localappdata%\SourceTree-Settings\alpha\sourcetree.log" />.. <filter type="log4net.Filter.StringMatchFilter">.. <stringToMatch value="CustomSettings"/>.. <acceptOnMatch value="false" />.. </filter>.... <threshold value="DEBUG" />.. <appendToFile value="true" />.. <rollingStyle value="Size" />.. <maxSizeRollBackups value="20" />.. <maximumFileSize value="1000KB" />.. <staticLogFileName value="true" />.. <layout type="log4net.Layout.PatternLayout">.. Use %logger rather than %class, we already name the loggers based on class type .. and using the lo
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):2297
                                                                                                                                                                                                                                    Entropy (8bit):4.868324382101414
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:48:OpcgHeCh3J2qr8uGCep+HeCfFhLvJ2qceWWpGsSsk:ImW8zXU3YaWWy
                                                                                                                                                                                                                                    MD5:160516D3ACFEF92FE9CEB2F466FC3D19
                                                                                                                                                                                                                                    SHA1:B2529C9F3FD5F9A5F09EB1C048479D6CD00AA83C
                                                                                                                                                                                                                                    SHA-256:099593F39757909FB6E0E7850CAE79CDC9A32D1325EC09154F22AD56EE274483
                                                                                                                                                                                                                                    SHA-512:999826699713CB67BD2D090C2A3660866237A6976F9652E841436F4A93718F47FE9152FA52B532ED45B20914F6577BB37DFC068ACCCBCE186D1E6285CE12F9C9
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Preview:<?xml version="1.0"?>..<configuration>.. <configSections>.. <section name="log4net" type="log4net.Config.Log4NetConfigurationSectionHandler, log4net" />.. </configSections>.. <log4net>.. The DetailsFileAppender writes all messages to a log file-->.. <appender name="DetailsFileAppender" type="log4net.Appender.RollingFileAppender">.. <file value="%localappdata%\SourceTree-Settings\beta\sourcetree.log" />.. <filter type="log4net.Filter.StringMatchFilter">.. <stringToMatch value="CustomSettings" />.. <acceptOnMatch value="false" />.. </filter>.. <threshold value="DEBUG" />.. <appendToFile value="true" />.. <rollingStyle value="Size" />.. <maxSizeRollBackups value="20" />.. <maximumFileSize value="1000KB" />.. <staticLogFileName value="true" />.. <layout type="log4net.Layout.PatternLayout">.. Use %logger rather than %class, we already name the loggers based on class type .. and using the logg
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):2253
                                                                                                                                                                                                                                    Entropy (8bit):4.826063929268593
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:48:KaMlgHfCftcTqeN/83GbjZ+HfC/uL6cTqeZ9pWp1PsxPsfgI:g6hn8WMd7WYI
                                                                                                                                                                                                                                    MD5:8D51263C807DE87EB0063C157DE58145
                                                                                                                                                                                                                                    SHA1:97F703DBC406680DF4E230E2A192A2DE8A0064A8
                                                                                                                                                                                                                                    SHA-256:77709AD5DE33A68F58F59715805109603740ECEF65B71E495D410BC25A436525
                                                                                                                                                                                                                                    SHA-512:68D2F0C49814D5D62D76002E9E75B141EAB5725BC041F41BDECE356B9754619ED467250232CC83811DEF96CB65A067EF14C978D011CDF463CF3474ECA5E75FA4
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Preview:<?xml version="1.0"?>.<configuration>. <configSections>. <section name="log4net" type="log4net.Config.Log4NetConfigurationSectionHandler, log4net" />. </configSections>. <log4net>. The DetailsFileAppender writes all messages to a log file-->. <appender name="DetailsFileAppender" type="log4net.Appender.RollingFileAppender">. <file value="%localappdata%\SourceTree-Settings\custom\sourcetree.log" />. <filter type="log4net.Filter.StringMatchFilter">. <stringToMatch value="CustomSettings"/>. <acceptOnMatch value="false" />. </filter>.. <threshold value="DEBUG" />. <appendToFile value="true" />. <rollingStyle value="Size" />. <maxSizeRollBackups value="20" />. <maximumFileSize value="1000KB" />. <staticLogFileName value="true" />. <layout type="log4net.Layout.PatternLayout">. Use %logger rather than %class, we already name the loggers based on class type . and using the logger name directly av
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):2379
                                                                                                                                                                                                                                    Entropy (8bit):4.893903143182365
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:48:OpcgHYwjww2q3e8uGCep+HeCakhL42qceWWpGsSsk:I2Ge8zXU7aWWy
                                                                                                                                                                                                                                    MD5:B10BC3BD3A8D543F9644315E1C9E8EDB
                                                                                                                                                                                                                                    SHA1:0113D3E45004EACE46B496754FF43A1797330A1F
                                                                                                                                                                                                                                    SHA-256:10F76B7082C7605AE10FE6A78F1E559EF2D05B13DEE5A762F912981682511433
                                                                                                                                                                                                                                    SHA-512:0544D22E56E69A04FE2B2E3F4C1F9972EB384100D387A603C017E6ABDBD998346D5D2BD71E01605332A32E743CBF83FDBCEB913DA206EE781DAC475EF166CD0D
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Preview:<?xml version="1.0"?>..<configuration>.. <configSections>.. <section name="log4net" type="log4net.Config.Log4NetConfigurationSectionHandler, log4net" />.. </configSections>.. <log4net>.. The DetailsFileAppender writes all messages to a log file-->.. <appender name="DetailsFileAppender" type="log4net.Appender.RollingFileAppender">.. For backwards compatability continue to use the existing GA location -->.. <file value="${LOCALAPPDATA}\SourceTree-Settings\ga\sourcetree.log" />.. <filter type="log4net.Filter.StringMatchFilter">.. <stringToMatch value="CustomSettings" />.. <acceptOnMatch value="false" />.. </filter>.. <threshold value="ERROR" />.. <appendToFile value="true" />.. <rollingStyle value="Size" />.. <maxSizeRollBackups value="10" />.. <maximumFileSize value="4096KB" />.. <staticLogFileName value="true" />.. <layout type="log4net.Layout.PatternLayout">.. Use %logger rather than
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):2239
                                                                                                                                                                                                                                    Entropy (8bit):4.841581341023348
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:48:ja0lgHDXtcTqeN/83GbjZ+HDnuL6cTqeZ9pWp1PsxPsf5:36Qn8WM67WB
                                                                                                                                                                                                                                    MD5:42379072EC79EADE9CBEEDAF2797AE04
                                                                                                                                                                                                                                    SHA1:DBDEC2F2567611A0B2CB57EF2F84A53D25E324D7
                                                                                                                                                                                                                                    SHA-256:4B964719016F8C1A942EC2A38DE9DC31DA7883B550E8A51C50DCCF85A0426534
                                                                                                                                                                                                                                    SHA-512:E22B02A09A04B593DBAF9495DB87288C6BC0964D6EC490CF8492210B00A0B6E613CAABA85F4181E3FD28715787829BC6BAB56683F4213156AEF796580283E030
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Preview:.<?xml version="1.0"?>.<configuration>. <configSections>. <section name="log4net" type="log4net.Config.Log4NetConfigurationSectionHandler, log4net" />. </configSections>.<log4net>. The DetailsFileAppender writes all messages to a log file-->. <appender name="DetailsFileAppender" type="log4net.Appender.RollingFileAppender">. <file value="AppData\Local\Atlassian\SourceTree\sourcetree.log" />. <filter type="log4net.Filter.StringMatchFilter">. <stringToMatch value="CustomSettings"/>. <acceptOnMatch value="false" />. </filter>.. <threshold value="DEBUG" />. <appendToFile value="true" />. <rollingStyle value="Size" />. <maxSizeRollBackups value="20" />. <maximumFileSize value="1000KB" />. <staticLogFileName value="true" />. <layout type="log4net.Layout.PatternLayout">. Use %logger rather than %class, we already name the loggers based on class type . and using the logger name directly avoids i
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):2246
                                                                                                                                                                                                                                    Entropy (8bit):4.882026849133046
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:48:jaMlgH5ZTqw4N/83GbjZ+HluL6cTqeZ9pWp1PsxPsfgI:36rHu8WMA7WYI
                                                                                                                                                                                                                                    MD5:84344360D1799197E48A67D65B842802
                                                                                                                                                                                                                                    SHA1:34F9490A01FAFF366F77E65D3A73903E7FF0C31D
                                                                                                                                                                                                                                    SHA-256:BEC1D4C19D69CCF1EB771174FE5E34C1047023DAA11579E14FEB1190F3489241
                                                                                                                                                                                                                                    SHA-512:BCF0FFA2A5E90BF2F302455AF9E8A5B2F95B52EF833C638076E41303F7F695057185914843DF6F3A3068BCD95291BD094D1E2B36FBC0C48E5F781A6FB4A8ED14
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Preview:.<?xml version="1.0"?>.<configuration>. <configSections>. <section name="log4net" type="log4net.Config.Log4NetConfigurationSectionHandler, log4net" />. </configSections>. <log4net>. The DetailsFileAppender writes all messages to a log file-->. <appender name="DetailsFileAppender" type="log4net.Appender.RollingFileAppender">. <file value="${LOCALAPPDATA}\Atlassian\SourceTree\sourcetree.log" />. <filter type="log4net.Filter.StringMatchFilter">. <stringToMatch value="CustomSettings"/>. <acceptOnMatch value="false" />. </filter>.. <threshold value="ERROR" />. <appendToFile value="true" />. <rollingStyle value="Size" />. <maxSizeRollBackups value="10" />. <maximumFileSize value="4096KB" />. <staticLogFileName value="true" />. <layout type="log4net.Layout.PatternLayout">. Use %logger rather than %class, we already name the loggers based on class type . and using the logger name directly avoi
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):274896
                                                                                                                                                                                                                                    Entropy (8bit):5.630619923041831
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:3072:qLnygex/pGiYUEtdH1mhMM8Jc629LFmsSQ775zfVJc6ZhSGCkMekLn7GUYaQy7Kd:ql6kXmaM8kHlda6ZhS1neaYaQh
                                                                                                                                                                                                                                    MD5:32FCC70DC05AEA039D3A1CEB329E3AA0
                                                                                                                                                                                                                                    SHA1:806A844B58E209F0053AD56F0BF82DFB67C03C32
                                                                                                                                                                                                                                    SHA-256:EE79FB3C3A009E4B11062A4D4B827BCA734AAA27476BA9CD3283876A47099287
                                                                                                                                                                                                                                    SHA-512:A0EFEA7019BCA197D6D5BF643E386C43D1359D2669126C9BE622BC084CB674C44FACEF1CE6EF71A092B1D829EF3E309C7AF14BBF9A5D83CDDCC4C77DA677F463
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):150992
                                                                                                                                                                                                                                    Entropy (8bit):5.292081203011281
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:3072:AyB+k16evPcTbiVSv59jrwZlY9H4mjP6DHPEb9LFQovTKgN/aZ7J+LnFr7WgOuIt:5ViLnFr7HZmR
                                                                                                                                                                                                                                    MD5:68DC6E7500E9180D62399B40CB16FBFE
                                                                                                                                                                                                                                    SHA1:EE3B90AA6B81911E0343847BE0A1F4533DA8500E
                                                                                                                                                                                                                                    SHA-256:F45C707131768CE3368931817BEA252C95601C57FB5BB67506F0D687B5FFB29A
                                                                                                                                                                                                                                    SHA-512:6CDD36F25533D6980F6AF69A0B07CFD2726DA8B999FD1DFDE445F9E9E7BDD2598625021C5EB1C0C8D1B52104EB9C45DD17E6BF8B31A00575577B855804A50D1C
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):195536
                                                                                                                                                                                                                                    Entropy (8bit):5.3962926447299076
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:3072:EyBjpjKNPY5n/0xn5Zpn8cc8+69kn25qhaSGTHErpBj4NuEDuaCWt7vX01WWoSom:NsbxE1WWoSo3PrYY9s7GCjL1576LKAux
                                                                                                                                                                                                                                    MD5:B1CEA8DB4EEE235C846552A901D4F199
                                                                                                                                                                                                                                    SHA1:B4F7BBAEC7BE0BFDD5F6796D8B103244B2C7910E
                                                                                                                                                                                                                                    SHA-256:96BE197EE039E50BD7412D90F8040B7642B4046A812381FD7C0026E8C77DF25A
                                                                                                                                                                                                                                    SHA-512:6C4E2056551BB10FD9CD916DEFA95BA7BEED92E6BDCB43E0A12B5247690ECB8624E9038D6160A844E4439D2F90DEDE473651CEDE10ADD1C0B7042A69584E5569
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):21968
                                                                                                                                                                                                                                    Entropy (8bit):5.983655269362451
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:384:nCQWxENWD2LZSO+oRFoTd9m40xyHAAXYYIYiW6B:npWJf6RFoixyHAAXYBYifB
                                                                                                                                                                                                                                    MD5:601B37C20FF418F1D6CD7EE03F2D1B39
                                                                                                                                                                                                                                    SHA1:A87233D9190E14B98EB7753161299FE4309CB25F
                                                                                                                                                                                                                                    SHA-256:8B5E8253419948CC4BE6442290BC960F6A3CA006A16561340F629836CEC21BB7
                                                                                                                                                                                                                                    SHA-512:F312D6C2434CCD213BC86851C687F731F4B75172011B313226208ABB6DB3EF5F196DAB13C93F8A3F032514F680BB715A3323FA01F2E2609A8B07AE55034F8868
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):14800
                                                                                                                                                                                                                                    Entropy (8bit):6.061936046874699
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:384:4QxEWeZ47pdxn4gAwl82+OYKsp4XzfIYiXlL:lEW04XhzOVOYKsp4XzgYiN
                                                                                                                                                                                                                                    MD5:4EBA01877483F551382A94FC4430D29C
                                                                                                                                                                                                                                    SHA1:97C8D03D7E0E27CCC896A9504085BC25FC7E419B
                                                                                                                                                                                                                                    SHA-256:0ED0EEA91BFDC0A377CF3336A00420928250EC503C736EA5E2F7FDAC8A35E193
                                                                                                                                                                                                                                    SHA-512:B94B13FF579AD6560482E5EB58FD06104F12F083CEF5E9B43602AEBA320C4B336E7B125D4572927B29FE20D7E74AF6FB9B69F98B0DAEC7DED708C22BE7AA32F5
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):1846224
                                                                                                                                                                                                                                    Entropy (8bit):6.292828915287821
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:24576:+8sHeHKHplfu94i55tbhris2CCEnWaWBvYyozGUIjnRnUg:+8Y/Q94iZNrP2t0ZyyIjnRnUg
                                                                                                                                                                                                                                    MD5:6FF7D88281DBDB7A6DBB4E5236B96311
                                                                                                                                                                                                                                    SHA1:1E4DACBB6B01767552B8C884BF72BC483FE63526
                                                                                                                                                                                                                                    SHA-256:BFADC22CDCC9FACCAF2A125164900D8D7B436EA95126AB8A6F06771BC815D38A
                                                                                                                                                                                                                                    SHA-512:4BB4B53717BE55869987A809B1AFC31572C73D6F56B131A754F0DC2D8F45B7747EE1F918050FAF339A8CE80D90B370FC8356ACD4F40436A22BB9C6F8BAC39C67
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):561616
                                                                                                                                                                                                                                    Entropy (8bit):6.225098992199025
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:6144:fE7cV3iwbAFRWAbd4nf0H05yqE6Hl0ChW0+ksllAXBu0lWGWUJJQ4t0BHQQf+L+J:s7a3iwbihym2g7XO3LWUQfh4Coe
                                                                                                                                                                                                                                    MD5:D89D914352B39B973C62EBE1A93AC9D6
                                                                                                                                                                                                                                    SHA1:C4DE3BC484A54D2D33304C236125C11D163E1652
                                                                                                                                                                                                                                    SHA-256:74109ABE36BDE2A15AD01464077CC6924084DB9C3D4D8FC024608646A341FA29
                                                                                                                                                                                                                                    SHA-512:631434CD6E30A28B4CD44F3DC97FFAC73B88D5DAC944CB9E0678F0A8EEE6030E17587343C0351DEC71E09A233E7952A7772155395B0A027B86A8909B88FBF2A4
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):64464
                                                                                                                                                                                                                                    Entropy (8bit):6.740531744222371
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:1536:/xNF/ntKDQcL4QFZgBBGtkpx1FQUiW15BUoG700:pNFPV3y6BBGt0LqoGA0
                                                                                                                                                                                                                                    MD5:D7FEC0317C0EF4DB8BED78928CBDF3AD
                                                                                                                                                                                                                                    SHA1:8012F2E7E45B47C40C4C378FAF34A79F66949782
                                                                                                                                                                                                                                    SHA-256:D81E876E227B051AB3C95E6BA2E3A63203EF19583D9CCB39FAA214F3602AEE31
                                                                                                                                                                                                                                    SHA-512:0AFF1EBB9A22EE8D1448E3FB4A8069EA545B60F6B1DA032DC31453DAD7C26730CF66C1778F1F89A72FA0F8FDD274CADF79B059FEF564EA54DB19FE530C2F3674
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):14800
                                                                                                                                                                                                                                    Entropy (8bit):6.0724532674225955
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:192:/pJZwVbRIxPtl5kYKNQL2LberQV+u/E/V1vwcHIYiYF8d7MG5ZgF:/pJaVbRqNkjQqLbiQV+z/zwCIYihZi
                                                                                                                                                                                                                                    MD5:74876817FD0167E831DAD4AB9CE94B2F
                                                                                                                                                                                                                                    SHA1:6C11A487EAF8356D634C48431C3299561BBFFCAD
                                                                                                                                                                                                                                    SHA-256:0719FC7EE59FEA96FC29C9FD9B60EDA6E5FCD4F9F338DC7859EB5A3F32184FA3
                                                                                                                                                                                                                                    SHA-512:0C0F8DED627B39487A052E47A98BE752AFAFD82AFEFECB445C36D571067DE4210E85D0662074AE73B581FFBC59082717F5440EFBC6CBBCE0B85F01CFA5A22C21
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):24016
                                                                                                                                                                                                                                    Entropy (8bit):5.938807276481506
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:384:iD1svSuB+VS484PDwqYDkHmLMuRFbK259J9f4EUZXDWbYapl7PEIYitWC:WegYDP3159Jhhccl7P1Yi/
                                                                                                                                                                                                                                    MD5:C75825665CDC01E96A38C115B1476428
                                                                                                                                                                                                                                    SHA1:28A104643A2D7FF39BFED7B95DE301F3F29E94C2
                                                                                                                                                                                                                                    SHA-256:1470D8FA1C77C4A506E7F829F2127D8CEFF66BD97048BB8868C548F1B44761D5
                                                                                                                                                                                                                                    SHA-512:AAF6CE2C03BEAF3108F3EC2E962A41FFBBE20AF461EE584F7A431B35294EAEBEEBBB0DEF46B2AFD8209B3B8EBFB552D49709D9630E865BB36F1DE1FE520B77AB
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):22480
                                                                                                                                                                                                                                    Entropy (8bit):6.013707467205252
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:384:mGVr2nf27bXRCBBa7Gw/dXdrNaJ3JxKkl+4Qi2OpIYinat:ma2nf27d26eJpHAO+YiM
                                                                                                                                                                                                                                    MD5:EBEA7907FB5BF3ADE276F02C7B738C6B
                                                                                                                                                                                                                                    SHA1:AA344E410C54E146816A10A86E8224DBE570264E
                                                                                                                                                                                                                                    SHA-256:3690490A7903BE6E5155670E69B9FB7B142CED81A63D79E46246FD81BD68BE41
                                                                                                                                                                                                                                    SHA-512:67063003B947364B66E90913719782BBB9FB76DDF410D8AB6B469B910EA57B60371966E0700446479309D48F1387C3116517CF2F044C1001B8BE29812277B144
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):902608
                                                                                                                                                                                                                                    Entropy (8bit):7.388507627458599
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:24576:4f0TfklyKuJGavkg3Ny4WbbbVQMBAUZLYVgem4:MaayKuJGaXFQQMBAUZLYVZZ
                                                                                                                                                                                                                                    MD5:1A500432275A5D4016BCEDB781FD15C3
                                                                                                                                                                                                                                    SHA1:80690403275998423C7C8E21E599DA0C74462D9A
                                                                                                                                                                                                                                    SHA-256:210AE7CDA2A8DDF79A026C258B155FF2818402F7BBD84058F1A6EABCCC254D53
                                                                                                                                                                                                                                    SHA-512:31CA9B9D0A85D1EC333AFF18D62855DAC3E74CAED1689B4ED79FEC7E5CB0A4DDE68149A196E4FAB1F86ADCA35256D1E6D996BF931F686BC0163B15FF704090AE
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):107984
                                                                                                                                                                                                                                    Entropy (8bit):6.545288223134781
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:1536:MMuK+nitJ6B/16WVlvdftjm0YMBBCauBKNJ0n/bDsS22Es75:MMuMJ6B/16Srf9ljJ0/boS22EsF
                                                                                                                                                                                                                                    MD5:861E11EC555C2F4AC739400F3FEFB14A
                                                                                                                                                                                                                                    SHA1:AE6B87E1BE12FA6ADB04CA118602B027A8BB15C2
                                                                                                                                                                                                                                    SHA-256:F1A1FD7DE36F4C0EB044C4B5FD104293417CF0C2DBE88F9508C27615E065F59D
                                                                                                                                                                                                                                    SHA-512:8EADF223C91DD52DD4228837081E2BCE7E9DFC69C485B6B2619E1CBBD04D835C27721F0A164506FB52FE8063C6014364E19E42DE9CFB0E673497BE95BF121021
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):747800
                                                                                                                                                                                                                                    Entropy (8bit):6.704159400774285
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:12288:Ek4iwdysRPmUPQnOw1pX96Zi7pSE8fpq6BHaEow8BeCjBMGf3ji9LLpu4wFeeKhD:dW3jPG1x9YidgLc4wseSFmbNdKtuo
                                                                                                                                                                                                                                    MD5:115798D13A63EF8A1DF3CAD91783485E
                                                                                                                                                                                                                                    SHA1:71BC96F82C53D4FDC8461AD54F66E85AAEBB27FE
                                                                                                                                                                                                                                    SHA-256:5860A345D6C48C559D119D5D1CA232A37C7BEB66C0675DED5BD8C468FED46A2C
                                                                                                                                                                                                                                    SHA-512:2874E17F1BAC2A37593A23CCC79D6543C04111787EF9291D841F45F49B7C1A8CF7ADD0EBE91650226B4891B297AA238F6AC1E0809C0EA91023908C5775E39E56
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:DOS batch file, ASCII text
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):195
                                                                                                                                                                                                                                    Entropy (8bit):4.577760516656693
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:6:hntgxzlqR/csRK++CuGAHgRAiO//isqNH83z03:kL4BDuGFRAi2/isgV3
                                                                                                                                                                                                                                    MD5:0A4934FBEA0A75A605EC09F4146348DA
                                                                                                                                                                                                                                    SHA1:0A939FFC505F8D58B8BE9B22698204A45FEBC719
                                                                                                                                                                                                                                    SHA-256:8C5AF333F96AFF4A35E1FF48524D37E2884663BA7BA83B1CB3FFB76C3CB31DD5
                                                                                                                                                                                                                                    SHA-512:CD0E606E4DD5071ED63BC7BF5BA40498B9043280C1D995977ECAD505DF267C8D3E6AD2D305FDDDCED04AFB9E5257787FE13D3B468498AC308AE0E0FC60E2C7B3
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Preview:@echo off.echo..echo SourceTree is loading your SSH key into the agent for authentication.echo Please enter your passphrase if prompted to do so.echo..set x=%*.For %%_ In (%x%) DO (.ssh-add %%_.)
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:LZMA compressed data, streamed
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):262494
                                                                                                                                                                                                                                    Entropy (8bit):7.9992678280748555
                                                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                                                    SSDEEP:6144:oESw5/xWg+j2gc506b/RRLunX31OROkNw4aYfbsa/:oESwlWK9TLgQR0Yfwa/
                                                                                                                                                                                                                                    MD5:75B3078A043B8B9F35B676B1ED403D88
                                                                                                                                                                                                                                    SHA1:BDF8933845B2E2D5AAD5FC05BF2665845A8091A3
                                                                                                                                                                                                                                    SHA-256:D8542CAEF2C5A813CEBEE83960D730DB0D128580AED1B144D5076571EC318D92
                                                                                                                                                                                                                                    SHA-512:707291E1B31B8E3EBB12A8B40D7756117E3884097F308150D13A4B7D10141B3BC55FE2B5CE000EA47BC00F60CAB53067C53EE8F3A9B178E15A28C57DD8776259
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):112080
                                                                                                                                                                                                                                    Entropy (8bit):6.589439456529063
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:3072:yMUVzM3Vc3U9q4HWas1EeTb52cb8XMmfP4Jv1pM3h7PIDn2kYOB:y3CvHW91EeTb52c4MmfPSv1q7PIDJYy
                                                                                                                                                                                                                                    MD5:D5B3B0DBB32DD66AD7432E89A3C2156A
                                                                                                                                                                                                                                    SHA1:A4389C9B13FEAA86E9FF455691A4D70C771E7BF3
                                                                                                                                                                                                                                    SHA-256:18FE7C3CA71AC164B511319063E0F906B3804A014DDD4AE3DECC59BFDD925985
                                                                                                                                                                                                                                    SHA-512:747DC2FB2275320325198DB80B4393CA1B67AED50BD51BB320274BD715D99B5404E7DF21CA2B65F161A6573153E34E9795B61F56EE1A623843470ACFA9124DE9
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):568
                                                                                                                                                                                                                                    Entropy (8bit):4.809216920329024
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:12:TMHdtlwin5DgVO9SNR5xe0lw0EcgxA0HR2:2dtlwGDgZNR5xe0lwb++R2
                                                                                                                                                                                                                                    MD5:CA71019655545AFB24821EB5ADAAEFAB
                                                                                                                                                                                                                                    SHA1:8FCA00BF34073386759A1D51D61E4CBF5F92F2B6
                                                                                                                                                                                                                                    SHA-256:3191FC29023434709A9C99CFD0E7BA2220CB76451ECD273D9E8DD7CE0B736483
                                                                                                                                                                                                                                    SHA-512:C82762D2A81004C9DD8329037AF0B34700ABA396A7BA80551BC3F12921CE82274F5015D6C0B326E0FC9D18DF5FE66EE890F661D7A44513E4AF54F06F63141FA2
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>.<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">. <assemblyIdentity version="1.0.0.0". processorArchitecture="X86". name="patch.exe". type="win32"/>.. Identify the application security requirements. -->. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">. <security>. <requestedPrivileges>. <requestedExecutionLevel. level="asInvoker". uiAccess="false"/>. </requestedPrivileges>. </security>. </trustInfo>.</assembly>.
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):888592
                                                                                                                                                                                                                                    Entropy (8bit):7.243714628283866
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:24576:sCD5sroWTXpHD2M4a3maKIe0MStS/o6ui2O9iT8C:DJ+GaTKIeVSc/zuiJil
                                                                                                                                                                                                                                    MD5:953B8B1B68C5AC4941DC86D55567F16C
                                                                                                                                                                                                                                    SHA1:EA53BA6318018F5CC573513358319E90506B5D8E
                                                                                                                                                                                                                                    SHA-256:6EFB0191E0BFD6AE9177EB5077CE7B765859CD548AC181A128B2EAF3FCF635A6
                                                                                                                                                                                                                                    SHA-512:F624B9287C955822DE22F8B7A7DE1C23A5DA060DB0855EF0315268BF8E76D92BDD1D4D112D8ABD46CB87E5834431EFC4C5245C093444BD43488BCD6D6D55202C
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):996656
                                                                                                                                                                                                                                    Entropy (8bit):6.543874470340527
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:24576:35Y3/qr+sW307oGQysCmpBpdqz6aiDVT3DOEmEppc66OIO:g/qr+sW307oG6vyuaUVTKEU66
                                                                                                                                                                                                                                    MD5:CC62BA67C1200202D1DA784EA0313408
                                                                                                                                                                                                                                    SHA1:0E6A2AE1525016CCFE293730ABD4B4945B49934F
                                                                                                                                                                                                                                    SHA-256:2E338A447B4CEAA00B99D742194D174243CA82830A03149028F9713D71FE9AAB
                                                                                                                                                                                                                                    SHA-512:8D435D74D2250DB03B8F08B07342895557AE7EDF9D99BB7563379B08397BE12FD57599B2737C54C345457F399F526F08983EDD393CFF9B1F047339A95725DE36
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):972568
                                                                                                                                                                                                                                    Entropy (8bit):7.20129973210164
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:24576:CW9i1oOkQMpKJu++ad9HKaKIe0MStS/o6ui2OdjQ:CW9Ek++69/KIeVSc/zui2
                                                                                                                                                                                                                                    MD5:1E046E1C21903C92276F581BE221D46A
                                                                                                                                                                                                                                    SHA1:1EAEBD7CAE8E8184E416CF0A9EF11075DFB55DBA
                                                                                                                                                                                                                                    SHA-256:CF4151EBDB7E6E1C9CC1087114461383EA5FB33171061AD3810E555568CC20E3
                                                                                                                                                                                                                                    SHA-512:D7AF53070364C379DCACD5AAE9E9D094E9A254C544978D2AAC9EAA0F2ECA80BDFAF9FF713876F0EEBF167EDAF79AB08DA4450197CFF64E694ED850D3A17619AF
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):11728
                                                                                                                                                                                                                                    Entropy (8bit):6.158990676337943
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:192:pG8ue8/Y61Jy3xhnH4QlMcZHCD3IYiYF8d7MGtewKMj:ExPnmrMGHgIYiFX
                                                                                                                                                                                                                                    MD5:4195BA4E8A4A923D2FBE48E093B4FB3D
                                                                                                                                                                                                                                    SHA1:FBFCD3B861F4C0B19036A858CAAFA34332C1519E
                                                                                                                                                                                                                                    SHA-256:ABF2C41476DC58560607936A36AEE46E278483E7DE0FFB2F9379378B6FCB9C6C
                                                                                                                                                                                                                                    SHA-512:79BEAB15F51820393EEEC5E8CB0F8F62102F4FBFD7396F0BBF2B863704E238A4B8CA21E19897219A67ED250513D562912F50749F8FA0B5DA465034BA258A3381
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):3532
                                                                                                                                                                                                                                    Entropy (8bit):4.8306925534949405
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:96:HvRcRWyKNC3kEqZQ40zvH1YXT07SgKBvHN:HvSRWw0EaD0TMCBWfN
                                                                                                                                                                                                                                    MD5:72E0EEB4FEB68C325BB3AA50D2DCF5B8
                                                                                                                                                                                                                                    SHA1:33E879434C2C1BDD95A491492D0F0409BEF2DCC2
                                                                                                                                                                                                                                    SHA-256:42156C573488ACC006D0A33016F28716A617A87AFB2C13B527AD568A4AE25CD6
                                                                                                                                                                                                                                    SHA-512:316A80D0184A10F7599A70FB6D3888BA658AE5010033DC9BD9A5889A477D93486D1D0EF0B26416F91844CC9AB5C0CA64BEE158C8C3DDD1F9237450D510BC8CFF
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Preview:use strict;.use SVN::Client;.use Git::SVN::Utils;.use Getopt::Long;..my $debug = '';..GetOptions ("debug" => \$debug) .or die("Error in command line arguments\n");..if (@ARGV < 2) {. die("Required: command and URL");.}..my $cmd = $ARGV[0];.my $url = $ARGV[1];..# must canonicalise, use Git::SVN::Utils.$url = Git::SVN::Utils::canonicalize_url($url);..if ($debug) {. print "Command is: $cmd URL is: $url\n";.}..# TODO: deal with auth provider - need a custom one?.my $ctx = new SVN::Client(. auth => [SVN::Client::get_simple_provider(),. SVN::Client::get_simple_prompt_provider(\&simple_prompt,2),. SVN::Client::get_username_provider(),. SVN::Client::get_ssl_server_trust_prompt_provider(\&cert_prompt)]. );...if ($cmd eq "info") {. my $infocallback = sub {. my( $path, $info, $pool ) = @_;. if ($debug) {. print "Current revision of $path is ", $info->rev, "\n";. }. . };.. # NOTE!
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):140240
                                                                                                                                                                                                                                    Entropy (8bit):6.041522745203897
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:3072:fyBRGRs447gvZBpLbgwMkdtj1jc2RWDLD4THEfHPmFlAL3a2dC2+HVqdovzAXOQl:+k6ObAOg88sZMkncJ
                                                                                                                                                                                                                                    MD5:22501F158C19070D6C257F3E1452914E
                                                                                                                                                                                                                                    SHA1:62A7589A8CA003CBE4A187A8C5024679C6C35D23
                                                                                                                                                                                                                                    SHA-256:94802DB17E64678F6EB018CABF20940001DCA43C2F7E43427B119F102BE9B965
                                                                                                                                                                                                                                    SHA-512:B1E897E477B238CE33FA91EA66421D40CE290806CBC8A26CF0CBC556CE00D4DA23948D2FEF8475AE89B460B1974E2A42409286E2093D9BA277993F52150B7FEA
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:MS Windows icon resource - 4 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):48675
                                                                                                                                                                                                                                    Entropy (8bit):6.756669123814639
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:768:r/nLpKDQcOzHDU80pGw4QAh0I4NZgBBGtRC9xpx1dZKKQUGtWLh:r/ntKDQcL4QFZgBBGtkpx1FQUiW9
                                                                                                                                                                                                                                    MD5:8BFDFEC2C6A9F91C448A86BBEA2265A9
                                                                                                                                                                                                                                    SHA1:AC7BF1494085AFD89B0F1F6BBE2FCAF2342207F5
                                                                                                                                                                                                                                    SHA-256:D4C17AFA93263E4867825CC06A12F22CB8A05E89CBFB8BF1BBF624FA3DF2620C
                                                                                                                                                                                                                                    SHA-512:60118DF45BABB5A3C23570BE664201294F33FEB321CDA3EDD43D216B08019CDFCA17D6F39358282BB1ECD809BC602397FAA45DCDD5E22E96EFE8EE962FE57EAF
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe
                                                                                                                                                                                                                                    File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):39
                                                                                                                                                                                                                                    Entropy (8bit):3.996564718695828
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:3:fClEG9D01n:fClEG9D01
                                                                                                                                                                                                                                    MD5:0878F7F7C98BC6367618660719B7B286
                                                                                                                                                                                                                                    SHA1:1DB1A7E817316FBB0F4A13DA5581303660E5E3E4
                                                                                                                                                                                                                                    SHA-256:2B40ECD5E0AC2495B4C7DB58DFB5255B8B269FC86812E545FA7801771E29B946
                                                                                                                                                                                                                                    SHA-512:2E729F18E65927FFEDEAE244467BEAD98784E26482487C6A9D2B33C06C2C9C91E96BAD2A396B979DB96542B154225BA0D271D6C82A5A0A6300425B0B381D1166
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Preview:.01738bdd-b9f9-5366-ac93-2c5389a6a022
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):81
                                                                                                                                                                                                                                    Entropy (8bit):4.833194447115392
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:3:GungA2WVckgqU2+dQrLrGoiJn:Gon2ScpX2HGog
                                                                                                                                                                                                                                    MD5:0C0AD302151A5EC40EAD44761A050F7C
                                                                                                                                                                                                                                    SHA1:91FB6E56BD7538B60B424849B74EF26310EBB949
                                                                                                                                                                                                                                    SHA-256:D3F185D3D26CC4FAE8A0B5614300865CC025BF579264A93B826F0F0C9E1A2A10
                                                                                                                                                                                                                                    SHA-512:702B41D57B3D37ECBB60A0557B1043CFEF5991070A6E0A8487709A1BC16621E70AA5E50B88AA8411CB1355D2DCDB5302F7B28CD1C40656E68A62A365BC599D37
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Preview:.8D46308BA3E89E165F30FEAEAF99CC0F310D5967 SourceTree-3.4.19-full.nupkg 23999615
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):23999615
                                                                                                                                                                                                                                    Entropy (8bit):7.998394957374667
                                                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                                                    SSDEEP:393216:VLwEHMIqgS6Y3NHUkl3YHkXPITL9UhJt5mH+HCSlSyYaydC7wckV1oMtndf/Ymvp:VLwmxStRhl3YHkX8OXm5aL7w7rtndgmR
                                                                                                                                                                                                                                    MD5:E5FBCDA3D80AF06951108C54690CA18D
                                                                                                                                                                                                                                    SHA1:8D46308BA3E89E165F30FEAEAF99CC0F310D5967
                                                                                                                                                                                                                                    SHA-256:67534EE3F0E63F4962059A7A7E62E1DDE0F25FD79F6F5799580DF0FB7C821C6E
                                                                                                                                                                                                                                    SHA-512:B6B4EF61CC09AF1AD9016F42E2EFED734173B8058021BD48697B34570F8B1B137EFC5BC766E0C1EBE6F55286A88C7EA361373C0D4160202844A0C5E353521A6C
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):81
                                                                                                                                                                                                                                    Entropy (8bit):4.833194447115392
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:3:GungA2WVckgqU2+dQrLrGoiJn:Gon2ScpX2HGog
                                                                                                                                                                                                                                    MD5:0C0AD302151A5EC40EAD44761A050F7C
                                                                                                                                                                                                                                    SHA1:91FB6E56BD7538B60B424849B74EF26310EBB949
                                                                                                                                                                                                                                    SHA-256:D3F185D3D26CC4FAE8A0B5614300865CC025BF579264A93B826F0F0C9E1A2A10
                                                                                                                                                                                                                                    SHA-512:702B41D57B3D37ECBB60A0557B1043CFEF5991070A6E0A8487709A1BC16621E70AA5E50B88AA8411CB1355D2DCDB5302F7B28CD1C40656E68A62A365BC599D37
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Preview:.8D46308BA3E89E165F30FEAEAF99CC0F310D5967 SourceTree-3.4.19-full.nupkg 23999615
                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SourceTreeSetup-3.4.19.exe
                                                                                                                                                                                                                                    File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):81
                                                                                                                                                                                                                                    Entropy (8bit):4.833194447115392
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:3:GungA2WVckgqU2+dQrLrGoiJn:Gon2ScpX2HGog
                                                                                                                                                                                                                                    MD5:0C0AD302151A5EC40EAD44761A050F7C
                                                                                                                                                                                                                                    SHA1:91FB6E56BD7538B60B424849B74EF26310EBB949
                                                                                                                                                                                                                                    SHA-256:D3F185D3D26CC4FAE8A0B5614300865CC025BF579264A93B826F0F0C9E1A2A10
                                                                                                                                                                                                                                    SHA-512:702B41D57B3D37ECBB60A0557B1043CFEF5991070A6E0A8487709A1BC16621E70AA5E50B88AA8411CB1355D2DCDB5302F7B28CD1C40656E68A62A365BC599D37
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Preview:.8D46308BA3E89E165F30FEAEAF99CC0F310D5967 SourceTree-3.4.19-full.nupkg 23999615
                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SourceTreeSetup-3.4.19.exe
                                                                                                                                                                                                                                    File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):23999615
                                                                                                                                                                                                                                    Entropy (8bit):7.998394957374667
                                                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                                                    SSDEEP:393216:VLwEHMIqgS6Y3NHUkl3YHkXPITL9UhJt5mH+HCSlSyYaydC7wckV1oMtndf/Ymvp:VLwmxStRhl3YHkX8OXm5aL7w7rtndgmR
                                                                                                                                                                                                                                    MD5:E5FBCDA3D80AF06951108C54690CA18D
                                                                                                                                                                                                                                    SHA1:8D46308BA3E89E165F30FEAEAF99CC0F310D5967
                                                                                                                                                                                                                                    SHA-256:67534EE3F0E63F4962059A7A7E62E1DDE0F25FD79F6F5799580DF0FB7C821C6E
                                                                                                                                                                                                                                    SHA-512:B6B4EF61CC09AF1AD9016F42E2EFED734173B8058021BD48697B34570F8B1B137EFC5BC766E0C1EBE6F55286A88C7EA361373C0D4160202844A0C5E353521A6C
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):4602
                                                                                                                                                                                                                                    Entropy (8bit):5.282287505193318
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:48:Az/tHlk9S5egcpklVWgBNNXzHSxBNN4zvIbIWzlGAgATQhVpkaVWgBNNXzHSxBPl:Qlwgk28lRLFOF8xOBgLiHAjouoAT3
                                                                                                                                                                                                                                    MD5:5C932BC4CF136D70DB8ECAB5E3421478
                                                                                                                                                                                                                                    SHA1:F3C2975561CCAA719F276B08E67714446AD33893
                                                                                                                                                                                                                                    SHA-256:49AA83EBB7406BC5DCD54FFD4CA3A2A8E942D78E90A1405574112915240E1A13
                                                                                                                                                                                                                                    SHA-512:3A3D62FBB1917E171B9EBA2B9762E765893B0E93A4C05D6B42E620508BAAAD790C58E1B643E3F5F30F48B6A4FA10585978B511B9C3E339401CF6889DE218D853
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Preview:.2024-10-01 11:04:45> Program: Starting Squirrel Updater: --install . --rerunningWithoutUAC..2024-10-01 11:04:45> Program: Starting install, writing to C:\Users\user\AppData\Local\SquirrelTemp..2024-10-01 11:04:45> Program: About to install to: C:\Users\user\AppData\Local\SourceTree..2024-10-01 11:04:45> CheckForUpdateImpl: Couldn't write out staging user ID, this user probably shouldn't get beta anything: System.IO.DirectoryNotFoundException: Could not find a part of the path 'C:\Users\user\AppData\Local\SourceTree\packages\.betaId'... at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath).. at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost).. at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int
                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SourceTreeSetup-3.4.19.exe
                                                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):1829840
                                                                                                                                                                                                                                    Entropy (8bit):5.88951053446875
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:24576:AoNX16P1ulyRLOmre4E0QVkjkMTReMhzT9NS:R41ulAvJNQMhm
                                                                                                                                                                                                                                    MD5:BE71BD64082B4BA88D1B59C2D432C340
                                                                                                                                                                                                                                    SHA1:4DF45B97BE889E6E479CC590546E1732C4EB3535
                                                                                                                                                                                                                                    SHA-256:EDB23A210132682D4C150003D6E02A3D894D82EF018FDF986FBF9BEB6B5D68FA
                                                                                                                                                                                                                                    SHA-512:5FEDF278070C6FDC80A53F75C2A450403885937B1070377CD683E6B7767BEF61CFCE0C16076AA3619F5C991BB3CB07A174A3E6D10DEF1DD50E724B13048A53F5
                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                    Yara Hits:
                                                                                                                                                                                                                                    • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe, Author: Joe Security
                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SourceTreeSetup-3.4.19.exe
                                                                                                                                                                                                                                    File Type:GIF image data, version 89a, 362 x 226
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):4885
                                                                                                                                                                                                                                    Entropy (8bit):7.647981312878908
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:48:5Yquxx0D6YnjNq1fANn2e9MuFJ3w0LL8tmhxg3FHNI5Ssnl0Gd/Qu1wOeMm7lpW3:5omjNh2ULh0HNWSkl0yJpeVv8zUn2tv
                                                                                                                                                                                                                                    MD5:0DFD25B120D2617E38B96F501BCDB7E9
                                                                                                                                                                                                                                    SHA1:62A620CD5C4BF23DD2D68B410A7A47557FBBBE35
                                                                                                                                                                                                                                    SHA-256:E3DC5A573764C9960FE992286D6628F82CCB7D26DCEAA5D2D457A9B3CA18C691
                                                                                                                                                                                                                                    SHA-512:06A4A02368C66E9A1D7B1F3D425AAF62EEBD71A668B1D1968AF078ACC67D04DE464A6379702581190E4E26C8213C4E3E9CB6F33B70E469E3956154165296824C
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:ISO-8859 text, with CR line terminators
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):4
                                                                                                                                                                                                                                    Entropy (8bit):2.0
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:3:9:9
                                                                                                                                                                                                                                    MD5:A7E0F8AC46398A7876D1E40DD52C2AAB
                                                                                                                                                                                                                                    SHA1:B66922B4E6F09E23C072E4AFF49C67C3121DD5AF
                                                                                                                                                                                                                                    SHA-256:05174BBF0D407087E45B12BAAE17117426852FF3A9E58D12A0EBB9A10B409743
                                                                                                                                                                                                                                    SHA-512:E6B93215582F7F4F5E9292273A9466B5D0CC3A4EA7D77AE42854203755441DD5EDBEFB11FE8890CAE7783E41E2EDBF61EC7B03D7E5E9870A7821D4016B095F79
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Preview:....
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe
                                                                                                                                                                                                                                    File Type:ISO-8859 text, with CR line terminators
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):4
                                                                                                                                                                                                                                    Entropy (8bit):2.0
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:3:9:9
                                                                                                                                                                                                                                    MD5:A7E0F8AC46398A7876D1E40DD52C2AAB
                                                                                                                                                                                                                                    SHA1:B66922B4E6F09E23C072E4AFF49C67C3121DD5AF
                                                                                                                                                                                                                                    SHA-256:05174BBF0D407087E45B12BAAE17117426852FF3A9E58D12A0EBB9A10B409743
                                                                                                                                                                                                                                    SHA-512:E6B93215582F7F4F5E9292273A9466B5D0CC3A4EA7D77AE42854203755441DD5EDBEFB11FE8890CAE7783E41E2EDBF61EC7B03D7E5E9870A7821D4016B095F79
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Preview:....
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    File Type:MS Windows icon resource - 4 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):48675
                                                                                                                                                                                                                                    Entropy (8bit):6.756669123814639
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:768:r/nLpKDQcOzHDU80pGw4QAh0I4NZgBBGtRC9xpx1dZKKQUGtWLh:r/ntKDQcL4QFZgBBGtkpx1FQUiW9
                                                                                                                                                                                                                                    MD5:8BFDFEC2C6A9F91C448A86BBEA2265A9
                                                                                                                                                                                                                                    SHA1:AC7BF1494085AFD89B0F1F6BBE2FCAF2342207F5
                                                                                                                                                                                                                                    SHA-256:D4C17AFA93263E4867825CC06A12F22CB8A05E89CBFB8BF1BBF624FA3DF2620C
                                                                                                                                                                                                                                    SHA-512:60118DF45BABB5A3C23570BE664201294F33FEB321CDA3EDD43D216B08019CDFCA17D6F39358282BB1ECD809BC602397FAA45DCDD5E22E96EFE8EE962FE57EAF
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe
                                                                                                                                                                                                                                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Icon number=0, Archive, ctime=Tue Oct 1 14:04:48 2024, mtime=Tue Oct 1 14:04:48 2024, atime=Tue Oct 1 14:04:48 2024, length=301008, window=hide
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):2276
                                                                                                                                                                                                                                    Entropy (8bit):3.748539565155154
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:24:8k2RfL8CjTodR1Aeivz9AXM0eUhdK3O4ZSqT9zWqyA7E4tiCTm:85RAHR19g2XfeUhQ3ZSq9yA7EoiCT
                                                                                                                                                                                                                                    MD5:AF294596FAD6194316BDEFB032F4ECEB
                                                                                                                                                                                                                                    SHA1:4EBC403C063EC2006133D3F331BDD18BB621D4F9
                                                                                                                                                                                                                                    SHA-256:35AD33919D3F4493DE49198F9531B653D65A31F3FF74DBF006DCB842FAB72912
                                                                                                                                                                                                                                    SHA-512:B19E3976F143F7F47549F0F6C52BC189F97364B414E5876F4AF4F2FEAE22C14CA871C32E23693907CB4B62447975B58CA0BB5A8AB34465F136CC1AADDEED786B
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe
                                                                                                                                                                                                                                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Icon number=0, Archive, ctime=Tue Oct 1 14:04:48 2024, mtime=Tue Oct 1 14:04:55 2024, atime=Tue Oct 1 14:04:48 2024, length=301008, window=hide
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):2262
                                                                                                                                                                                                                                    Entropy (8bit):3.7553948954144762
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:24:8k22fL8CjT8R1Aeivz9AXMHUhdK3O4ZSqT9zWqyA7E4tiCTm:852A9R19g2X0UhQ3ZSq9yA7EoiCT
                                                                                                                                                                                                                                    MD5:EB9CD5D2202B63A2D164EB32C81C5669
                                                                                                                                                                                                                                    SHA1:D6EC3A1D07345C7008C4A4DC8341390DD55BF198
                                                                                                                                                                                                                                    SHA-256:FD728598AB468766895C3B20F33B45C7347E0534806710305CC63D6B1F0CCF15
                                                                                                                                                                                                                                    SHA-512:171CB70E87BAC465ED4729CDBF490CBB9E25E463E1338EEB2995BCCE02BC405C14CFF7279F5978700A67A3C7C8CF8113887070879314F7BB3587988FF77A0D4B
                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                    File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                    Entropy (8bit):7.998808504387885
                                                                                                                                                                                                                                    TrID:
                                                                                                                                                                                                                                    • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                                                    • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                                    • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                                    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                                    File name:SourceTreeSetup-3.4.19.exe
                                                                                                                                                                                                                                    File size:24'789'968 bytes
                                                                                                                                                                                                                                    MD5:4bd79bab4339cac6714cd1ff595ccff4
                                                                                                                                                                                                                                    SHA1:eaeea52764e69b54672fd6dd358139f26310e5fd
                                                                                                                                                                                                                                    SHA256:8d6d66e4c5079bbd512269029a2d992f20a6696c5782dcb02397a823905f4505
                                                                                                                                                                                                                                    SHA512:16f6aaddf430cb1f1475147133a3e067f89d04de21d34637171b68129fbf7709071b81ab718ea2f7b0c1290fa989a025f961de8f690db97a354f9de512facab5
                                                                                                                                                                                                                                    SSDEEP:393216:IuwQDQY4/c5NjRKsgKQJgerQANqY/iLmRSFSvXFNx4YcXskPSyXcxjbr0biKtlES:twuEi9Ksg/JgeHLi4FAYcXRN4jbg+Kt5
                                                                                                                                                                                                                                    TLSH:5E47330360A54DE9C8F2563469E555703F757A29DEEFABF313D8832C34818B86AF0AC5
Icon Hash: 13170f6d2d6d6d33
Entrypoint: 0x409e92
Entrypoint Section: .text
Digitally signed: true
Imagebase: 0x400000
Subsystem: windows gui
Image File Characteristics: EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp: 0x5A5DA736 [Tue Jan 16 07:18:14 2018 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 6
OS Version Minor: 0
File Version Major: 6
File Version Minor: 0
Subsystem Version Major: 6
Subsystem Version Minor: 0
Import Hash: 6b4d5c8216d450ee5a7c849b21ee169d
Signature Valid: true
Signature Issuer: CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O="DigiCert, Inc.", C=US
Signature Validation Error: The operation completed successfully
Error Number: 0
Not Before, Not After
• 05/12/2022 01:00:00 09/12/2025 00:59:59
Subject Chain
• CN=Atlassian Pty Ltd, OU=IT, O=Atlassian Pty Ltd, L=Sydney, S=New South Wales, C=AU
Version: 3
Thumbprint MD5: 33A5C29144EB20FC5507F70CE1F57C1E
Thumbprint SHA-1: F7CA648285EBD26EBAE751078CCEA98C4FE28022
Thumbprint SHA-256: 40A3E311DC2B7699BB8D0ED05100BBF3CE7F5DE53C4DB7B399BFC2020EE0CBF5
Serial: 0A80D3F3DA80F9578254422EE9E98B45
                                                                                                                                                                                                                                    Instruction
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x26c58 | 0xc8 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x2a000 | 0x177a2dc | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x17a3200 | 0x11d0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x17a5000 | 0x17c8 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x254b0 | 0x70 | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x25520 | 0x40 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x1d000 | 0x22c | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x1ba5e | 0x1bc00 | b0ddfaf7b6d057e16337add779e8ead4 | False | 0.5923863316441441 | data | 6.65379634133287 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x1d000 | 0xa8b0 | 0xaa00 | 72916ad0b9e643fa0b839eb81a139257 | False | 0.4488740808823529 | data | 4.945862460661825 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x28000 | 0x1668 | 0xc00 | fc45425f147a542d3bcb77aaec700cf8 | False | 0.21321614583333334 | data | 3.00730938024217 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x2a000 | 0x177a2dc | 0x177a400 | b08e4152c756ac11a76873d0c3befd1f | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x17a5000 | 0x17c8 | 0x1800 | 4a7e92b9b9dd48c253926dfccdac39e6 | False | 0.7970377604166666 | data | 6.598787421931448 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
DATA | 0x2a310 | 0x1777903 | Zip archive data, at least v2.0 to extract, compression method=deflate | English | United States | 1.0003108978271484
FLAGS | 0x17a1c14 | 0xc | data | English | United States | 1.6666666666666667
RT_ICON | 0x17a1c20 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 512 | English | United States | 0.21774193548387097
RT_ICON | 0x17a1f08 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | English | United States | 0.11597472924187725
RT_ICON | 0x17a27b0 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 512 | English | United States | 0.21774193548387097
RT_ICON | 0x17a2a98 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | English | United States | 0.11597472924187725
RT_STRING | 0x17a3340 | 0x418 | data | English | United States | 0.3148854961832061
RT_STRING | 0x17a3758 | 0x472 | data | English | United States | 0.27680140597539543
RT_GROUP_ICON | 0x17a3bcc | 0x22 | data | English | United States | 1.0588235294117647
RT_GROUP_ICON | 0x17a3bf0 | 0x22 | data | English | United States | 1.088235294117647
RT_VERSION | 0x17a3c14 | 0x2e0 | data | English | United States | 0.45516304347826086
RT_MANIFEST | 0x17a3ef4 | 0x3e7 | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (939), with CRLF line terminators | English | United States | 0.5145145145145145
DLL | Import
KERNEL32.dll | GetCurrentProcess, LoadLibraryW, FreeLibrary, InitializeCriticalSectionEx, GetFileAttributesW, CreateFileW, SetFilePointer, ReadFile, SystemTimeToFileTime, GetCurrentDirectoryW, MultiByteToWideChar, LocalFileTimeToFileTime, WideCharToMultiByte, CreateDirectoryW, WriteFile, SetFileTime, FreeResource, SizeofResource, LockResource, CreateProcessW, GetCurrentThreadId, DecodePointer, RaiseException, LeaveCriticalSection, EnterCriticalSection, lstrcmpiW, LoadLibraryExW, SetFilePointerEx, GetModuleFileNameW, GetConsoleCP, FlushFileBuffers, GetStringTypeW, SetStdHandle, DeleteFileW, CloseHandle, GetExitCodeProcess, WaitForSingleObject, MoveFileW, GetTempFileNameW, GetLastError, GetTempPathW, DeleteCriticalSection, GetModuleHandleW, GetProcAddress, lstrlenW, FindResourceW, LoadResource, VerSetConditionMask, GetProcessHeap, SetEnvironmentVariableW, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineW, GetCommandLineA, GetCPInfo, GetOEMCP, WriteConsoleW, IsValidCodePage, FindNextFileW, FindFirstFileExW, FindClose, HeapReAlloc, HeapSize, GetConsoleMode, VerifyVersionInfoW, IsDebuggerPresent, OutputDebugStringW, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, IsProcessorFeaturePresent, GetStartupInfoW, QueryPerformanceCounter, GetCurrentProcessId, GetSystemTimeAsFileTime, InitializeSListHead, RtlUnwind, SetLastError, EncodePointer, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, ExitProcess, GetModuleHandleExW, GetStdHandle, GetACP, HeapFree, HeapAlloc, GetFileType, CompareStringW, LCMapStringW
USER32.dll | CharNextW, ExitWindowsEx, wsprintfW, MessageBoxW, DestroyWindow, LoadStringW, GetActiveWindow
ADVAPI32.dll | GetUserNameW, RegOpenKeyExW, RegDeleteValueW, RegCreateKeyExW, RegEnumKeyExW, RegQueryInfoKeyW, RegDeleteKeyW, GetTokenInformation, RegCloseKey, AdjustTokenPrivileges, OpenProcessToken, LookupPrivilegeValueW, RegSetValueExW, RegQueryValueExW
SHELL32.dll | SHGetFolderPathW, ShellExecuteExW, ShellExecuteW
ole32.dll | CoTaskMemRealloc, CoTaskMemFree, CoCreateInstance, CoTaskMemAlloc, CoInitialize
OLEAUT32.dll | VariantInit, SysFreeString, SysAllocString, VarUI4FromStr, VariantClear
urlmon.dll | URLDownloadToFileW
SHLWAPI.dll | PathIsUNCW
COMCTL32.dll | InitCommonControlsEx
Language of compilation system | Country where language is spoken | Map
English | United States
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Oct 1, 2024 17:05:11.584162951 CEST | 63069 | 53 | 192.168.2.5 | 1.1.1.1
Oct 1, 2024 17:05:11.597584963 CEST | 53 | 63069 | 1.1.1.1 | 192.168.2.5
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Oct 1, 2024 17:05:11.584162951 CEST | 192.168.2.5 | 1.1.1.1 | 0xd56d | Standard query (0) | product-downloads.atlassian.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Oct 1, 2024 17:05:11.597584963 CEST | 1.1.1.1 | 192.168.2.5 | 0xd56d | No error (0) | product-downloads.atlassian.com | d145e4fdyl6drh.cloudfront.net | | CNAME (Canonical name) | IN (0x0001) | false
Oct 1, 2024 17:05:11.597584963 CEST | 1.1.1.1 | 192.168.2.5 | 0xd56d | No error (0) | d145e4fdyl6drh.cloudfront.net | | 3.161.73.137 | A (IP address) | IN (0x0001) | false
                                                                                                                                                                                                                                    • product-downloads.atlassian.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49713 | 3.161.73.137 | 443 | 6620 | C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-01 15:05:12 UTC | 129 | OUT | GET /software/sourcetree/windows/ga/sourcetree_ga.ico HTTP/1.1
Host: product-downloads.atlassian.com
Connection: Keep-Alive
2024-10-01 15:05:12 UTC | 505 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                    Content-Type: image/vnd.microsoft.icon
                                                                                                                                                                                                                                    Content-Length: 48675
                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                    Last-Modified: Mon, 26 Nov 2018 23:52:20 GMT
                                                                                                                                                                                                                                    x-amz-version-id: vTpgo6eFA.7VY9O7MoCbGRTMMJcnNwY5
                                                                                                                                                                                                                                    Server: AmazonS3
                                                                                                                                                                                                                                    Date: Tue, 01 Oct 2024 05:55:40 GMT
                                                                                                                                                                                                                                    ETag: "8bfdfec2c6a9f91c448a86bbea2265a9"
                                                                                                                                                                                                                                    X-Cache: Hit from cloudfront
                                                                                                                                                                                                                                    Via: 1.1 93e77bd122e2a2b3ec02228d81a35184.cloudfront.net (CloudFront)
                                                                                                                                                                                                                                    X-Amz-Cf-Pop: FRA56-P10
                                                                                                                                                                                                                                    X-Amz-Cf-Id: IEPviRgYvPZEbvj9K3gG0WQts9VV4f82qKF-QqsptKCLwGjkimbALQ==
                                                                                                                                                                                                                                    Age: 34015


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.5 | 49721 | 3.161.73.137 | 443 | 5448 | C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-01 15:05:44 UTC | 165 | OUT | GET /software/sourcetree/windows/ga/RELEASES?id=SourceTree&localVersion=3.4.19&arch=amd64 HTTP/1.1
                                                                                                                                                                                                                                    Host: product-downloads.atlassian.com
                                                                                                                                                                                                                                    Connection: Keep-Alive
2024-10-01 15:05:44 UTC | 511 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                    Content-Type: binary/octet-stream
                                                                                                                                                                                                                                    Content-Length: 79
                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                    Last-Modified: Thu, 19 Sep 2024 05:35:51 GMT
                                                                                                                                                                                                                                    x-amz-version-id: g5s4L9g0EpGo034PfEtW5jop1U1gzQBh
                                                                                                                                                                                                                                    Server: AmazonS3
                                                                                                                                                                                                                                    Date: Tue, 01 Oct 2024 15:05:44 GMT
                                                                                                                                                                                                                                    Cache-Control: max-age=1
                                                                                                                                                                                                                                    ETag: "ba28f48a364bd11f58f8d7553942f2d4"
                                                                                                                                                                                                                                    X-Cache: Hit from cloudfront
                                                                                                                                                                                                                                    Via: 1.1 5421a870e3aababe98272cc4ea364cea.cloudfront.net (CloudFront)
                                                                                                                                                                                                                                    X-Amz-Cf-Pop: FRA56-P10
                                                                                                                                                                                                                                    X-Amz-Cf-Id: z4za096__W7twQiIdb5H7JvyNfbncxJ_cDVRGGs3AQYgrbqJGIWLEQ==
2024-10-01 15:05:44 UTC | 79 | IN | Data Raw: 43 30 35 36 35 30 36 36 39 45 35 46 31 45 44 44 38 34 31 34 30 34 37 37 33 34 39 41 38 36 35 35 33 30 35 30 35 39 37 34 20 53 6f 75 72 63 65 54 72 65 65 2d 33 2e 34 2e 32 30 2d 66 75 6c 6c 2e 6e 75 70 6b 67 20 32 34 35 36 30 30 39 32 0a
                                                                                                                                                                                                                                    Data Ascii: C05650669E5F1EDD84140477349A865530505974 SourceTree-3.4.20-full.nupkg 24560092


                                                                                                                                                                                                                                    Target ID:0
                                                                                                                                                                                                                                    Start time:11:04:43
                                                                                                                                                                                                                                    Start date:01/10/2024
                                                                                                                                                                                                                                    Path:C:\Users\user\Desktop\SourceTreeSetup-3.4.19.exe
                                                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                                                    Commandline:"C:\Users\user\Desktop\SourceTreeSetup-3.4.19.exe"
                                                                                                                                                                                                                                    Imagebase:0xe80000
                                                                                                                                                                                                                                    File size:24'789'968 bytes
                                                                                                                                                                                                                                    MD5 hash:4BD79BAB4339CAC6714CD1FF595CCFF4
                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                    Target ID:1
                                                                                                                                                                                                                                    Start time:11:04:43
                                                                                                                                                                                                                                    Start date:01/10/2024
                                                                                                                                                                                                                                    Path:C:\Users\user\Desktop\SourceTreeSetup-3.4.19.exe
                                                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                                                    Commandline:"C:\Users\user\Desktop\SourceTreeSetup-3.4.19.exe" --rerunningWithoutUAC
                                                                                                                                                                                                                                    Imagebase:0xe80000
                                                                                                                                                                                                                                    File size:24'789'968 bytes
                                                                                                                                                                                                                                    MD5 hash:4BD79BAB4339CAC6714CD1FF595CCFF4
                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                    Target ID:3
                                                                                                                                                                                                                                    Start time:11:04:44
                                                                                                                                                                                                                                    Start date:01/10/2024
                                                                                                                                                                                                                                    Path:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                                                    Commandline:"C:\Users\user\AppData\Local\SquirrelTemp\Update.exe" --install . --rerunningWithoutUAC
                                                                                                                                                                                                                                    Imagebase:0xf80000
                                                                                                                                                                                                                                    File size:1'829'840 bytes
                                                                                                                                                                                                                                    MD5 hash:BE71BD64082B4BA88D1B59C2D432C340
                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                    Yara matches:
                                                                                                                                                                                                                                    • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe, Author: Joe Security
                                                                                                                                                                                                                                    Reputation:moderate
                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                    Target ID:4
                                                                                                                                                                                                                                    Start time:11:04:49
                                                                                                                                                                                                                                    Start date:01/10/2024
                                                                                                                                                                                                                                    Path:C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe
                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                    Commandline:"C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe" --squirrel-install 3.4.19
                                                                                                                                                                                                                                    Imagebase:0x1d7d9810000
                                                                                                                                                                                                                                    File size:870'352 bytes
                                                                                                                                                                                                                                    MD5 hash:4672BD9DA0C27C16BB9DC4C94672DCB4
                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                    Target ID:7
                                                                                                                                                                                                                                    Start time:11:05:10
                                                                                                                                                                                                                                    Start date:01/10/2024
                                                                                                                                                                                                                                    Path:C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe
                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                    Commandline:"C:\Users\user\AppData\Local\SourceTree\app-3.4.19\SourceTree.exe" --squirrel-firstrun
                                                                                                                                                                                                                                    Imagebase:0x1d3cd450000
                                                                                                                                                                                                                                    File size:870'352 bytes
                                                                                                                                                                                                                                    MD5 hash:4672BD9DA0C27C16BB9DC4C94672DCB4
                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 00E8A32D
                                                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 00E8A33C
                                                                                                                                                                                                                                      • GetCurrentProcessId.KERNEL32 ref: 00E8A345
                                                                                                                                                                                                                                      • QueryPerformanceCounter.KERNEL32(?), ref: 00E8A352
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2044012664.0000000000E81000.00000020.00000001.01000000.00000003.sdmp, Offset: 00E80000, based on PE: true
• Associated: 00000000.00000002.2043986307.0000000000E80000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2044046135.0000000000E9D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2044078441.0000000000EA8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2044112366.0000000000EAA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2044112366.00000000018AA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2044112366.00000000022AA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_e80000_SourceTreeSetup-3.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 2933794660-0
                                                                                                                                                                                                                                      • Opcode ID: 152a6b9be7c9ad9923fa05464590525b954ba2fc9c46afd272529b2f0857717a
                                                                                                                                                                                                                                      • Instruction ID: 35a3a40961ba1ce0ad5fd553fbf27469a2d4e3593fcff6f25ce7f7ce583af5d8
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 152a6b9be7c9ad9923fa05464590525b954ba2fc9c46afd272529b2f0857717a
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3DF09D71C15208EFCB00DBB5DA49A9EBBF8EF18201F914496A801E7110E634AB088B55

                                                                                                                                                                                                                                      Execution Graph

                                                                                                                                                                                                                                      Execution Coverage:20.4%
                                                                                                                                                                                                                                      Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                                                      Signature Coverage:0%
                                                                                                                                                                                                                                      Total number of Nodes:119
                                                                                                                                                                                                                                      Total number of Limit Nodes:6

                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2337142277.0000000003290000.00000040.00000800.00020000.00000000.sdmp, Offset: 03290000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_3290000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: (aq$(aq$(aq$(aq$(aq$(aq$=$Haq$Haq$Haq$Haq$Haq$Haq$Haq$Haq$Haq$Haq
                                                                                                                                                                                                                                      • API String ID: 0-4175843307
                                                                                                                                                                                                                                      • Opcode ID: 2269811e9098717f36221ef54579782daa848147bd797fa6b43c0a160f1d0bda
                                                                                                                                                                                                                                      • Instruction ID: b54fcdf9eb9bc88a50da94f693096b5c339fc42611b2b23fbf66c2b200fcd2da
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2269811e9098717f36221ef54579782daa848147bd797fa6b43c0a160f1d0bda
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6C92CF30B0020A8FDB15DF69D8906AEBBB6FF89310F14856AD905EB291DF34DD46CB91

                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2337142277.0000000003290000.00000040.00000800.00020000.00000000.sdmp, Offset: 03290000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_3290000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: (aq$(aq$(aq$(aq$(aq
                                                                                                                                                                                                                                      • API String ID: 0-2150520858
                                                                                                                                                                                                                                      • Opcode ID: 12bbad830140007bb6b1826064dad359210659d44e60f618464c9552bb218bde
                                                                                                                                                                                                                                      • Instruction ID: 3638505f01646e0ac4784ed6cc98162968e155a2f6d3ee9fb2b054e1d3a62520
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 12bbad830140007bb6b1826064dad359210659d44e60f618464c9552bb218bde
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8E512531B102068FDB44DB6C846066FFBE6EFD5350B19806AE90ADB384DF35DD068792

                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344040063.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_60e0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: (aq$(aq$(aq
                                                                                                                                                                                                                                      • API String ID: 0-2593664646
                                                                                                                                                                                                                                      • Opcode ID: a46a525e562fc7b5b547722dd2ea6ed0cc6e6e83896774e0eb2dec6294d17a1e
                                                                                                                                                                                                                                      • Instruction ID: 706dcb66659a851b25b4973378a5c0514c26460d353e04409d0500e8f1bd3298
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a46a525e562fc7b5b547722dd2ea6ed0cc6e6e83896774e0eb2dec6294d17a1e
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8751D438A122097FC784EB75FC16DDBBFBAEBC5300B088259F00597640EEA4598587F5

                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344270755.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_64f0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: (aq$(aq$Haq
                                                                                                                                                                                                                                      • API String ID: 0-2456560092
                                                                                                                                                                                                                                      • Opcode ID: 4e1ed585b8ace3bb48d6570039fc19405b997825ceb6e7996dc438c2856f022d
                                                                                                                                                                                                                                      • Instruction ID: 181fe7bef8967f463cbaeba70a5bf788e0706d30652f377d444004868f6779c8
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4e1ed585b8ace3bb48d6570039fc19405b997825ceb6e7996dc438c2856f022d
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F4314D357082511FC34A577C942066FBFAAEFC6711B1884AEE509DB381CE659D06C3F2

                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344040063.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_60e0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: (aq$(aq$Haq
                                                                                                                                                                                                                                      • API String ID: 0-2456560092
                                                                                                                                                                                                                                      • Opcode ID: 96bfd392746498c7b46ebd0ae3c4dbea79b169d13dff4ac71a12a7df77c1b5e0
                                                                                                                                                                                                                                      • Instruction ID: 4b066046320f55f1df41bca908bdcb0fa9e92dd1478d067e7cf6e6437de27fcd
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 96bfd392746498c7b46ebd0ae3c4dbea79b169d13dff4ac71a12a7df77c1b5e0
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3931C134B102268FC795AF7DA42416E7FE6AB8971131440AEE906D7391DF359E02CBD2

                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • LoadLibraryW.KERNEL32(00000000), ref: 06784216
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344516855.0000000006780000.00000040.00000800.00020000.00000000.sdmp, Offset: 06780000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6780000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: LibraryLoad
                                                                                                                                                                                                                                      • String ID: 8pSl
                                                                                                                                                                                                                                      • API String ID: 1029625771-2511881446
                                                                                                                                                                                                                                      • Opcode ID: 07099688ffb1d3524631c4df703ee4bc3accb70cb13b0f642643bce1c8de34db
                                                                                                                                                                                                                                      • Instruction ID: 1107cd1b39c917c437f7160c5e55f8bae4378b6e9f6792ea05966aa20383a40b
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 07099688ffb1d3524631c4df703ee4bc3accb70cb13b0f642643bce1c8de34db
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E5F05E71C483498EDB60EB99D4083EDBBE0EB45314F14805AC168A7641C2BD6444CBA1

                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2337142277.0000000003290000.00000040.00000800.00020000.00000000.sdmp, Offset: 03290000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_3290000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: aq$3$
                                                                                                                                                                                                                                      • API String ID: 0-837247858
                                                                                                                                                                                                                                      • Opcode ID: 806f0b1c0f7af799af537626c7ded5f162cf7a50872356fe4e612b84b72cfec4
                                                                                                                                                                                                                                      • Instruction ID: 4ecc39d99ea84b8c415f2bbaf573ec179ec1e69a0e94e9ed2de59886d32e2019
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 806f0b1c0f7af799af537626c7ded5f162cf7a50872356fe4e612b84b72cfec4
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 71527F34B103099FDB04DB64D4A8B2EBBBAFB88700F14491DE50A9B754CF75AC4ACB91

                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344270755.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_64f0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: cc[l^$sc[l^
                                                                                                                                                                                                                                      • API String ID: 0-793600730
                                                                                                                                                                                                                                      • Opcode ID: 2fd573ce23c6d7e8b867552e894609ea8c83f676019002f9b539aec0e19605f6
                                                                                                                                                                                                                                      • Instruction ID: 65ca702d0f93417b45169d5378fdf7e6047d1184f160f3fdb3c87de951f50876
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2fd573ce23c6d7e8b867552e894609ea8c83f676019002f9b539aec0e19605f6
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 89D11B30E402189FDB55DFA8C940BDDBBB6FF89300F1046AAD509AB265DB359D84CF92

                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344270755.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_64f0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: cc[l^$sc[l^
                                                                                                                                                                                                                                      • API String ID: 0-793600730
                                                                                                                                                                                                                                      • Opcode ID: 248410e65553145d0ed920f0874f6414dd0750564961aa375400f38987016a14
                                                                                                                                                                                                                                      • Instruction ID: e7e4aef23d1809f6632ff5bf92ee617c741f3488e73a584563003d5db5aa1dd6
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 248410e65553145d0ed920f0874f6414dd0750564961aa375400f38987016a14
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F7D11B30E402189FDB55DFA8C940BDDBBB6FF89300F1046AAD509AB265DB359D84CF52

                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344040063.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_60e0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: (aq$(aq
                                                                                                                                                                                                                                      • API String ID: 0-3916115647
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2337142277.0000000003290000.00000040.00000800.00020000.00000000.sdmp, Offset: 03290000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_3290000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: Haq$Haq
                                                                                                                                                                                                                                      • API String ID: 0-4016896955
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344270755.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_64f0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: (aq$Haq
                                                                                                                                                                                                                                      • API String ID: 0-3785302501
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2337142277.0000000003290000.00000040.00000800.00020000.00000000.sdmp, Offset: 03290000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_3290000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: aq$3$
                                                                                                                                                                                                                                      • API String ID: 0-837247858
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344040063.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_60e0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: (aq$Haq
                                                                                                                                                                                                                                      • API String ID: 0-3785302501
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344270755.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_64f0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: $.aq
                                                                                                                                                                                                                                      • API String ID: 0-1730385875
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2337142277.0000000003290000.00000040.00000800.00020000.00000000.sdmp, Offset: 03290000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_3290000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: fbq
                                                                                                                                                                                                                                      • API String ID: 0-3185938239
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • K32EnumProcesses.KERNEL32(?,?,?), ref: 0678A130
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344516855.0000000006780000.00000040.00000800.00020000.00000000.sdmp, Offset: 06780000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6780000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: EnumProcesses
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 84517404-0
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • QueryFullProcessImageNameA.KERNEL32(?,00000000,0678A80F,?), ref: 0678AACA
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344516855.0000000006780000.00000040.00000800.00020000.00000000.sdmp, Offset: 06780000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6780000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: FullImageNameProcessQuery
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 3578328331-0
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • QueryFullProcessImageNameA.KERNEL32(?,00000000,0678A80F,?), ref: 0678AACA
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344516855.0000000006780000.00000040.00000800.00020000.00000000.sdmp, Offset: 06780000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6780000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: FullImageNameProcessQuery
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 3578328331-0
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344040063.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_60e0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: $.aq
                                                                                                                                                                                                                                      • API String ID: 0-1730385875
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344270755.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_64f0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: (aq
                                                                                                                                                                                                                                      • API String ID: 0-600464949
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344270755.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_64f0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: TJbq
                                                                                                                                                                                                                                      • API String ID: 0-1760495472
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • K32EnumProcesses.KERNEL32(?,?,?), ref: 0678A130
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344516855.0000000006780000.00000040.00000800.00020000.00000000.sdmp, Offset: 06780000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6780000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: EnumProcesses
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 84517404-0
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • LoadLibraryW.KERNEL32(00000000), ref: 06784216
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344516855.0000000006780000.00000040.00000800.00020000.00000000.sdmp, Offset: 06780000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6780000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: LibraryLoad
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 1029625771-0
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • LoadLibraryW.KERNEL32(00000000), ref: 06784216
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344516855.0000000006780000.00000040.00000800.00020000.00000000.sdmp, Offset: 06780000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6780000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: LibraryLoad
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 1029625771-0
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      • LoadLibraryW.KERNEL32(00000000), ref: 06784216
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344516855.0000000006780000.00000040.00000800.00020000.00000000.sdmp, Offset: 06780000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6780000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: LibraryLoad
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 1029625771-0
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344270755.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_64f0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: TJbq
                                                                                                                                                                                                                                      • API String ID: 0-1760495472
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344040063.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_60e0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: BSJB
                                                                                                                                                                                                                                      • API String ID: 0-3974584432
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344040063.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_60e0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: (aq
                                                                                                                                                                                                                                      • API String ID: 0-600464949
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344270755.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_64f0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: PK00
                                                                                                                                                                                                                                      • API String ID: 0-1863955648
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344270755.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_64f0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: TJbq
                                                                                                                                                                                                                                      • API String ID: 0-1760495472
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344270755.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_64f0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: $.aq
                                                                                                                                                                                                                                      • API String ID: 0-1730385875
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2337142277.0000000003290000.00000040.00000800.00020000.00000000.sdmp, Offset: 03290000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_3290000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: HC`q
                                                                                                                                                                                                                                      • API String ID: 0-1338488410
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344270755.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_64f0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: \
                                                                                                                                                                                                                                      • API String ID: 0-2967466578
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344270755.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_64f0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: \
                                                                                                                                                                                                                                      • API String ID: 0-2967466578
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344270755.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_64f0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: Haq
                                                                                                                                                                                                                                      • API String ID: 0-725504367
                                                                                                                                                                                                                                      • Opcode ID: 494af3b7a03990a2dc1680e1f8aec296985e24e317855e1afbc66f2d77273195
                                                                                                                                                                                                                                      • Instruction ID: c49ded46397a3f9fc8b84949968afb2905247487567de50b1564b717d50b26c3
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 494af3b7a03990a2dc1680e1f8aec296985e24e317855e1afbc66f2d77273195
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 18416A343002018FC754DF7CD89491ABBEAEFC921071489A9E54ACB365DA31ED0ACB91
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2337142277.0000000003290000.00000040.00000800.00020000.00000000.sdmp, Offset: 03290000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_3290000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: Te]q
                                                                                                                                                                                                                                      • API String ID: 0-52440209
                                                                                                                                                                                                                                      • Opcode ID: 20be9ac55d40338ff31b9ad398b281ce5f1f9b921bc7b3c81b93cea89400accb
                                                                                                                                                                                                                                      • Instruction ID: 492c62f4c501979fe8c7c9458315a6680b8706163d99bbc5af50ce8dcd984397
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 20be9ac55d40338ff31b9ad398b281ce5f1f9b921bc7b3c81b93cea89400accb
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 66313130A1020A9FCB04EF7DE5959ADBBBAFF88300B14852AD8059B358EF74D945CBD5
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344270755.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_64f0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: {'
                                                                                                                                                                                                                                      • API String ID: 0-2381349322
                                                                                                                                                                                                                                      • Opcode ID: 6bb608bcdda9b72b27a3b296cf94c353bff706616058c7afca7abd259a7aaf96
                                                                                                                                                                                                                                      • Instruction ID: e808ec6d3afb5672753ed4071aa7834a38fb2b3300f61a372fe206d6475c3691
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6bb608bcdda9b72b27a3b296cf94c353bff706616058c7afca7abd259a7aaf96
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: DB316F34B202058FCB54DF79D954A6BBBE9FF89314F00849AE906DB365DB70ED048B92
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344040063.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_60e0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: $.aq
                                                                                                                                                                                                                                      • API String ID: 0-1730385875
                                                                                                                                                                                                                                      • Opcode ID: 2e034963966034f388de9a6e50506d9275961f3f3d756545c11a89fadcdc7cfd
                                                                                                                                                                                                                                      • Instruction ID: 4567f3ad27f7cb0749c4db77d6efeb1593aed0122dbb361ebe7756d579ca1064
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2e034963966034f388de9a6e50506d9275961f3f3d756545c11a89fadcdc7cfd
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: DE317070B402224FCB45EF7998A096EBFEAEF88214700857AE906DF345EA75DD0587D1
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344040063.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_60e0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: BSJB
                                                                                                                                                                                                                                      • API String ID: 0-3974584432
                                                                                                                                                                                                                                      • Opcode ID: eb8762d75413e815c1b109047df9bae854e27a542425144c9d409995b60d37b4
                                                                                                                                                                                                                                      • Instruction ID: e166cde513fb4cebea4d74f53335ac847f021267b58f76e8ce73af8c6be1c6df
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: eb8762d75413e815c1b109047df9bae854e27a542425144c9d409995b60d37b4
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 703155307506208FC789DB28C994A697BF6FF89B10B1145A9E106CB3B2DBB1EC01CB80
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2337142277.0000000003290000.00000040.00000800.00020000.00000000.sdmp, Offset: 03290000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_3290000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: [8
                                                                                                                                                                                                                                      • API String ID: 0-2507974813
                                                                                                                                                                                                                                      • Opcode ID: 8d7f5f479b30f0d0336d805be4ba8ec8b8e3d26c96922953a854cafb1bbb446c
                                                                                                                                                                                                                                      • Instruction ID: ab4beb89bc01a589164c0ba1c92cdb82dde2a06ec41ad1a97552b342470348e5
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8d7f5f479b30f0d0336d805be4ba8ec8b8e3d26c96922953a854cafb1bbb446c
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1D31A670A002199FDB14DF68D95465EBAFAEF88700F14852AD909EB344DF34AD05CBD4
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344270755.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_64f0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: Haq
                                                                                                                                                                                                                                      • API String ID: 0-725504367
                                                                                                                                                                                                                                      • Opcode ID: 1d44561979b6471d8996b7c57755d3a776e33d286c514f721292b1624da63193
                                                                                                                                                                                                                                      • Instruction ID: 942b5533d2594ff86fee12657e355b1a31e3ecde2d39aa51d2ac0c66ebd324ce
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1d44561979b6471d8996b7c57755d3a776e33d286c514f721292b1624da63193
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9021DF303192945FC7859B3D986496B3FEBAF8A21070500EAF50ACB3A2CD25DD0583B2
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2337142277.0000000003290000.00000040.00000800.00020000.00000000.sdmp, Offset: 03290000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_3290000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: Te]q
                                                                                                                                                                                                                                      • API String ID: 0-52440209
                                                                                                                                                                                                                                      • Opcode ID: a5186fc42eef42859112056b09dcbda7c1a25ca956af25886527deb284667526
                                                                                                                                                                                                                                      • Instruction ID: 58eee7d814a5ad50186743f32fad9b8e30dc147ae183f191837e0488673f4be3
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a5186fc42eef42859112056b09dcbda7c1a25ca956af25886527deb284667526
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B7218131A102098FCB04EF7DE5959ADBFF5EF88310B448529D4059B354EF749949CB91
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344040063.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_60e0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: Haq
                                                                                                                                                                                                                                      • API String ID: 0-725504367
                                                                                                                                                                                                                                      • Instruction ID: deb650506e429d607ae208c67039a4d7f2e0bb6e081f24a15930d8c728514c8d
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9f9f49e75f15c11e2318052961d83998d81b6fd7f6d324f27d91fd48d80498fb
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A652F274A00619CFCB64CF99C580A9AFBF2FF88310B24865AD95AAB755D731EC42CF50
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2337142277.0000000003290000.00000040.00000800.00020000.00000000.sdmp, Offset: 03290000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_3290000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 5a61da61f3d8aacd4d61e8f9f9f8a4bfbff81315cebb2bc3e551987945b79aa4
                                                                                                                                                                                                                                      • Instruction ID: 24aa2bcb154cd2863450f1188cedfe8f14631072030d193f434d418a502824d0
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5a61da61f3d8aacd4d61e8f9f9f8a4bfbff81315cebb2bc3e551987945b79aa4
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F3322974A1030A8FDB04DFA8D594A9EBBF6FF89310F148169E409AB365DB34AD45CF90
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2337142277.0000000003290000.00000040.00000800.00020000.00000000.sdmp, Offset: 03290000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_3290000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: e80462844ce1afd524d499cf8f9321534463bd435960923da6133c062006c366
                                                                                                                                                                                                                                      • Instruction ID: c1543faf6ed0b10a88d742dab53c14071c15c75a51bd1f1eacd415eb1a04b424
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e80462844ce1afd524d499cf8f9321534463bd435960923da6133c062006c366
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E0B18E75B002069FDF04DB69E990A6EBBAAEFC8300B14842AE905DB354DF74DD05CBD5
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344270755.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_64f0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 668d990860f273ac20138b1d37c0a2c89b541a8f620a77af4a479285aebd49ae
                                                                                                                                                                                                                                      • Instruction ID: 8c70b29ef409de00f689825fc339978c0fd989dff2fa7724589c55232f792ded
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 668d990860f273ac20138b1d37c0a2c89b541a8f620a77af4a479285aebd49ae
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C0D1F374A1061ADFCB44CF98C9809AEFBF1FF88304B24866AD91997715D335E892CF94
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2337142277.0000000003290000.00000040.00000800.00020000.00000000.sdmp, Offset: 03290000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_3290000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 2c5c60f3a4697bfcf6ba1552da06d81c9d60c15fd86a6077ad1fe73baec5421b
                                                                                                                                                                                                                                      • Instruction ID: 20cd30635f8f72ff987894295138d5270e1d6ae81490884981f64c3098e70f2f
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2c5c60f3a4697bfcf6ba1552da06d81c9d60c15fd86a6077ad1fe73baec5421b
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D7A191357002168FDF05DFA8E8A06AEBBB6EFC8311B14816AE905DB355DF349D05CBA1
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344270755.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_64f0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 455456baab722d35479c66414c88c12a3e7cd1448eed3fb5223cc7980ea93614
                                                                                                                                                                                                                                      • Instruction ID: 411b579e8fdb46d69688544b982ecc23cfe9b10686dc86a0a8e5136ea6501ab3
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 455456baab722d35479c66414c88c12a3e7cd1448eed3fb5223cc7980ea93614
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E6915E35B102099FCB49DFA8C4A49AEBBF2BFC8710B11806AE506EB355DF709D46CB51
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344040063.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_60e0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 8a77d76e36aaae21b9b8d8653cca5e5633ca1f70dd5738da781f3f85757fbfc2
                                                                                                                                                                                                                                      • Instruction ID: e3d043011929babfc65e19675620e07fbf9a8a12b484ff9d4d671f5c9b3e3e17
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8a77d76e36aaae21b9b8d8653cca5e5633ca1f70dd5738da781f3f85757fbfc2
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 83818A347502108FD744CF29D898A69BBE6EF89710F2545AAE905CF3B2DA72EC45CB50
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2337142277.0000000003290000.00000040.00000800.00020000.00000000.sdmp, Offset: 03290000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_3290000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: e140f1795951293682e6d5729139bbf5161c42aff56e37fd46aafd44d0520e41
                                                                                                                                                                                                                                      • Instruction ID: f3ddf5545a3402c09dea2843f8f2101547cb39641a32a3a131ee11e8b3fb3606
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e140f1795951293682e6d5729139bbf5161c42aff56e37fd46aafd44d0520e41
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 05918E70A007069FDB24CF29D68099EBBF6FF88300B14866AD446DB765DB30ED49CB90
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344270755.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_64f0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: d529ecf63470fa2368e776134bdbafac3041b3c5b35aae4b0c7a0dd9f2ad724f
                                                                                                                                                                                                                                      • Instruction ID: e3db9ff4c39f8157a7ebedeac7368da8bc9aeb529a00602f504d3583fcbfb275
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d529ecf63470fa2368e776134bdbafac3041b3c5b35aae4b0c7a0dd9f2ad724f
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: CCA10574A206018FCB64CF29D58495ABBF6FF88314B2586AEE54ACB771DB70E805CF50
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344040063.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_60e0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 7d19c1ae0bbc7eeba4560b2598d1caf57dfe8b4d75a7a80d3c153005285d8126
                                                                                                                                                                                                                                      • Instruction ID: 366e76cd84b3d417b3d1f9c2a84e038d06e82394602180a83c1b3ba4fb8c518b
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7d19c1ae0bbc7eeba4560b2598d1caf57dfe8b4d75a7a80d3c153005285d8126
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 06711A31B452218FEB95CFA8D880AAEBFF6EF85210B1585ABE425CB251C731DC45C7A1
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344270755.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_64f0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 6c39d0969b2a2754b10e52762d98b51cf5308f329ec00cb2080cc527314b9584
                                                                                                                                                                                                                                      • Instruction ID: 5527f2f79aac7df7cd7d18ea307583d99efa0b03fdddd6aea64d09df8da33fb5
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6c39d0969b2a2754b10e52762d98b51cf5308f329ec00cb2080cc527314b9584
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8CA11674A206018FCBA4DF29D584A5ABBF6FF88314B25856EE54ACB771DB70E805CF40
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344040063.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_60e0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 5e4c7fe95905a05983f265ac25b1e620a2a438171ac5dfe6b70f1adbccc695d6
                                                                                                                                                                                                                                      • Instruction ID: e09ddd311d2edd91a59f7b72d9094c1fcd91a4e4605c78ebfda194cf53cd5d18
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5e4c7fe95905a05983f265ac25b1e620a2a438171ac5dfe6b70f1adbccc695d6
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0C71D171B446218FDB95DF68D8409AEBFF2FF84210B14866AE42ACB351D731EC45CBA1
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344270755.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_64f0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 4ebcac3c6cc84a22e22a5344badd594f3280627ffcebe998110f618f63055634
                                                                                                                                                                                                                                      • Instruction ID: a3f25839747e46bf3ff2af7819b7ef6c39d2559e907c01c7ffc81541a4718b16
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4ebcac3c6cc84a22e22a5344badd594f3280627ffcebe998110f618f63055634
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 22718F34B101048FDB08AF78D494BAEBBB6EFC8304F154529D946AB391CF75AD068BD1
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344040063.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_60e0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 78fd71e8033274aba7e2ac417750dedd628351a63e3bc5aad883b5dcb259aa06
                                                                                                                                                                                                                                      • Instruction ID: ab7b92c50cd7e49966893b6b17acc9717c4f8068bd218cefbf01d5a87aad5f72
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 78fd71e8033274aba7e2ac417750dedd628351a63e3bc5aad883b5dcb259aa06
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 587158757506108FC749DF28C994E6A7BF6FF89710B1681AAE956CB3B2CA31EC01CB50
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344270755.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_64f0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 0c7ef04dcd78519c0c4c76503a93c6df9d82f9914052719417732de43921ae47
                                                                                                                                                                                                                                      • Instruction ID: 73d0b76a90d40454c6e5dde3ab7b45f75a3f600ae20fe40f3d3b753c336c14f2
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0c7ef04dcd78519c0c4c76503a93c6df9d82f9914052719417732de43921ae47
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 02718034B101058FDB08EF78D494B6EBAB6EFC8304F114529D946AB395CF75AD068BD1
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344040063.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_60e0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: b02eb76326259d809c638c58a84d8e9c2fbec2455ba90e2b757eec7926d6dd57
                                                                                                                                                                                                                                      • Instruction ID: 914c3c71658ac78db7ce80c6349b379a8997016c57304787694ef6b87d8b20ee
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b02eb76326259d809c638c58a84d8e9c2fbec2455ba90e2b757eec7926d6dd57
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 27815E34B502058FCB84DF6CD59596ABBE6FF8831071488A9E546CF365EB34DC058B91
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344040063.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_60e0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: ae9cd91875fb3c381a603072c8d8b5720301ed0eab21eb0016248bb7b19ba506
                                                                                                                                                                                                                                      • Instruction ID: 6a26654b011bd48a9e2743eb7ce6ca9c5349224ff2e671d343af320e0a4fffaa
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ae9cd91875fb3c381a603072c8d8b5720301ed0eab21eb0016248bb7b19ba506
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 67816E34B902058FCB94DF6DD59596EBBE6FF88310B1488A9E406CF365EB34EC058B91
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344040063.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_60e0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 52d4b440ef4982f4a38f7defd1a2d746b2957265c7f81bec34c8cff6e8f652d5
                                                                                                                                                                                                                                      • Instruction ID: d8ba921d2233c296ff2f0fbf0e4037ddf53d59fbec65ab0bbaa7bd536e5bf573
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 52d4b440ef4982f4a38f7defd1a2d746b2957265c7f81bec34c8cff6e8f652d5
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1E61A170B812228FD794EF29CA9056EBFE2FF89300B14856AD459CB366DB30DD45CB91
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2337142277.0000000003290000.00000040.00000800.00020000.00000000.sdmp, Offset: 03290000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_3290000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 15339850037a7b39a8a5768762cf2164e95835962c94bb0b530e566661f76fc9
                                                                                                                                                                                                                                      • Instruction ID: 1dd40d8145885b9a1a1cbb14d781428183571ed9d3aaee17139f91a079394ea2
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 15339850037a7b39a8a5768762cf2164e95835962c94bb0b530e566661f76fc9
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0481A271A107458FDB25CF28C540A9EBBF2FF89320F144A5EE496AB665C730E985CF90
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2337142277.0000000003290000.00000040.00000800.00020000.00000000.sdmp, Offset: 03290000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_3290000_Update.jbxd
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2337142277.0000000003290000.00000040.00000800.00020000.00000000.sdmp, Offset: 03290000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_3290000_Update.jbxd
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344270755.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_64f0000_Update.jbxd
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344040063.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_60e0000_Update.jbxd
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344270755.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_64f0000_Update.jbxd
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344270755.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_64f0000_Update.jbxd
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2337142277.0000000003290000.00000040.00000800.00020000.00000000.sdmp, Offset: 03290000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_3290000_Update.jbxd
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344270755.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_64f0000_Update.jbxd
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344040063.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_60e0000_Update.jbxd
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344040063.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_60e0000_Update.jbxd
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344270755.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_64f0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 6d01118d83fd6e69687db9872f5f9a0366398491e4a253e102b0b57677396f77
                                                                                                                                                                                                                                      • Instruction ID: 7d2ebc8e6cec0849161d4dfd9b50079e6bd946c255d734e222e8d111ae45874f
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6d01118d83fd6e69687db9872f5f9a0366398491e4a253e102b0b57677396f77
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 26517A35B102099FCB49DFA8C4908AEBBF2FFC9310B21806AE506EB355DE709D468B51
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2337142277.0000000003290000.00000040.00000800.00020000.00000000.sdmp, Offset: 03290000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_3290000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: f811e55dc1f2f1adddac22b18d36dd75abfa6985b396f8e5cf9a834918824ed0
                                                                                                                                                                                                                                      • Instruction ID: 33b51a857b816473e4c9a429362a7364905a8e165cdea68272e1699309727d62
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f811e55dc1f2f1adddac22b18d36dd75abfa6985b396f8e5cf9a834918824ed0
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4751F830E182E56ADB21C7A9945026DBFA69F86200F2CC49BF0A55F646C33799C3CB65
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2337142277.0000000003290000.00000040.00000800.00020000.00000000.sdmp, Offset: 03290000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_3290000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 120a0f9d375acf269862cfbb22fff97d2d28e93f1eda767d66b5c5429f1a9160
                                                                                                                                                                                                                                      • Instruction ID: 159e41fdeb870778d1b4e34c91a638683e09f66316e858dab2260a864cfeb429
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 120a0f9d375acf269862cfbb22fff97d2d28e93f1eda767d66b5c5429f1a9160
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5851C071A0030A8FDB14DF68D490B9EBBF1AF88310F14856AD549EB350DB75AE49CBA1
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344270755.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_64f0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 4620a3e154a4c5d79f59c5faa61958eb9b4b8f7bf6d5641d912d6f06965b83c3
                                                                                                                                                                                                                                      • Instruction ID: a2a4e36a2ec7b072c7f12ac53443febf851ccb9ac81f87459b38f20e08c0e3ad
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4620a3e154a4c5d79f59c5faa61958eb9b4b8f7bf6d5641d912d6f06965b83c3
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: FA516230A10701CFC769DF69E98495BBBF6FF88310B144A29D55A9B7A8DB70E805CB90
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344040063.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_60e0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: ff0c840997b2f4944fe76b8d9cba583fcbd637ba474252af5399f6568cda9161
                                                                                                                                                                                                                                      • Instruction ID: 621bf353cdaf2e6b9a2a361ee0b94164ebd04b504fa0a754a3154e53fb0f017f
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ff0c840997b2f4944fe76b8d9cba583fcbd637ba474252af5399f6568cda9161
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A2516D30F402158FCB98DF69D490AAEBFFAEF88310F248429E906E7354DB749D058B90
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344040063.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_60e0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 16b9c650fe7ca5a4222253d5d1e725eba19de42633b36ed23771de7f291c2a89
                                                                                                                                                                                                                                      • Instruction ID: 8193938ab19ee86674525611a1988fea5739cb312c815d1ace581aeb2661664e
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 16b9c650fe7ca5a4222253d5d1e725eba19de42633b36ed23771de7f291c2a89
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 81412630E443515FC7969B78D8A47AD7FB6EF86310F0841A6E951CB3E6DA28CC06C790
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2337142277.0000000003290000.00000040.00000800.00020000.00000000.sdmp, Offset: 03290000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_3290000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 4e33c5eaa353bbc35d2d2e251cbf4371bba6664c4e208194f5cf21387b74c600
                                                                                                                                                                                                                                      • Instruction ID: c3bce6238bc3ec099c9607f1aa2fa39e82ada0d1e3d5c699bb2718b89a47fb46
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4e33c5eaa353bbc35d2d2e251cbf4371bba6664c4e208194f5cf21387b74c600
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B3419D357102018FDB18DB38C994A7EB7F6FFC8214B2489A9D50ADB3A4DA34EC428791
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344040063.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_60e0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 5ed0eb1b5022d69664f4ce62f59505937d57f62eb8fc93d4e0f4ed6367f5dd97
                                                                                                                                                                                                                                      • Instruction ID: ee277f31e9b0b2502954521973343d2ebb6dce9753eea722a54f56c18efed3d6
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5ed0eb1b5022d69664f4ce62f59505937d57f62eb8fc93d4e0f4ed6367f5dd97
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 98512B70F402149FCB58DF69D590AAEBBFAEF88310F148429E915EB354DB74AD058B90
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2337142277.0000000003290000.00000040.00000800.00020000.00000000.sdmp, Offset: 03290000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_3290000_Update.jbxd
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344040063.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_60e0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 30a468fbd93152496ad6fb0d9e8a10559684e453f60a3c3484b56e2f41e547c0
                                                                                                                                                                                                                                      • Instruction ID: 811512a55b2dd7525324692546fa741033cdf168729e0cb36589a29717fa48b1
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 30a468fbd93152496ad6fb0d9e8a10559684e453f60a3c3484b56e2f41e547c0
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D341F6757605208FC788DF28D988A297BF6FF89B11B1180AAE906CB371DB71EC01CB51
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344270755.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_64f0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 5d3c2ab56ad94ec58e1a52c32f937f351beb710e4c72beb83eedcdd24b5d8e4a
                                                                                                                                                                                                                                      • Instruction ID: b4e8a631e77129d37651ab5315ae6e33cd1a217a98b5ed9cab077a86324ccc9d
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5d3c2ab56ad94ec58e1a52c32f937f351beb710e4c72beb83eedcdd24b5d8e4a
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 12411B34A10215CFDB44DF68D494A9DB7B2FF89310F2481A9D809EB325DB35AD45CFA0
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344040063.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_60e0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 570032adb5a6d5a1b2dcd0ee30552862467f14da0a27d64eca4da963a3d300ce
                                                                                                                                                                                                                                      • Instruction ID: 03079f978b7f839ce840f6200e1762f1ee8268574c77e5dde43fba1b5fc45d1e
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 570032adb5a6d5a1b2dcd0ee30552862467f14da0a27d64eca4da963a3d300ce
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0C31D2353403109FC355DF29D49485ABBE6EFC9220719C56AF96ACB321DB30EC05CBA1
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344270755.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_64f0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 2005efe5f8829d9394742a1172345acfbe189bf14189646e2bc20eaaecb489ee
                                                                                                                                                                                                                                      • Instruction ID: a2b399a5b11aadb6a2e666d4d03abd4f7af14651f6e47caf15722ff23637590a
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2005efe5f8829d9394742a1172345acfbe189bf14189646e2bc20eaaecb489ee
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0E419371E197969FCB02CF68CC505CEFFB1AF8A300B198197E844EB256D7705906C761
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344270755.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_64f0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: d68402d9ffbcd9d9f45aed60e034698bc28e326eae50125102e909fd3e9b3b21
                                                                                                                                                                                                                                      • Instruction ID: b722238471c40aef4b0ccd7019933c05535fa6607d888a23956bc54f6c56295c
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d68402d9ffbcd9d9f45aed60e034698bc28e326eae50125102e909fd3e9b3b21
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F9411938E10605CFCB15CF59C994A9ABBF2FF89610F15819AE806A7366D731EC41CFA0
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344040063.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_60e0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: c62624de1d85f91f96be0b001bdd9c2c8e340a86e1c4762a0cbb22b10c8edf27
                                                                                                                                                                                                                                      • Instruction ID: 10a45b2123935422c90c27f64d77d6969dec53f16c0ecd795922bda01c6220bd
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c62624de1d85f91f96be0b001bdd9c2c8e340a86e1c4762a0cbb22b10c8edf27
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4731E531F50115AFCB84DFB8D89099EBFF6EF89310B14846AD845EB214CB319E45C7A1
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344270755.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_64f0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 5a13ba63f540f13cd2c2ba9bcca6f2301ca5e072aa7880a02fe58d37a6b491d7
                                                                                                                                                                                                                                      • Instruction ID: 4727e573086171265b8003090ffc906b0afcb1e6dee0f0bd28e3f1bc7d9d249d
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5a13ba63f540f13cd2c2ba9bcca6f2301ca5e072aa7880a02fe58d37a6b491d7
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: FA4191306107008FD7B5DF29F98456AB7F6EF84310B60472EC5568B7A4DB38E90ACB91
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2337142277.0000000003290000.00000040.00000800.00020000.00000000.sdmp, Offset: 03290000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_3290000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 4043368928a58596eb218efdc2eff826a9157515a7078ee67237bd3378599469
                                                                                                                                                                                                                                      • Instruction ID: 29a614c1a2518113bf868e00935c4d560b870979fd5d3efd0dc826c474b1232a
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4043368928a58596eb218efdc2eff826a9157515a7078ee67237bd3378599469
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4A417335E1421ACFDF14CB79E45499DBBB6EF88310B24826AD505AB325DB71AC85CF80
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2337142277.0000000003290000.00000040.00000800.00020000.00000000.sdmp, Offset: 03290000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_3290000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 931fcc82348f459274d6f949cef72fa4796d8148787c770386ef80f2c2c4a61e
                                                                                                                                                                                                                                      • Instruction ID: af89adae9148c9e49b136f5f9c03b37d79bcffd0455bc3a523892027aa91f7db
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 931fcc82348f459274d6f949cef72fa4796d8148787c770386ef80f2c2c4a61e
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E63127729103668FDB25CF28C9405DABBF5FF89300F18866BC49597265D730E885CB90
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344040063.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_60e0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 97ed1e7fac15e3cd6147c76f4b736ffe7472447052b02ad7406920fb90fb7599
                                                                                                                                                                                                                                      • Instruction ID: fc59c47645bae04e24c634c50bce8826ba150bf0319a5c4e0195645489fd5c57
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 97ed1e7fac15e3cd6147c76f4b736ffe7472447052b02ad7406920fb90fb7599
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 04313A30F402158FCBA4DF69D954AAEBAFAEF88340F108029E816E7354DF749D05CB91
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2337142277.0000000003290000.00000040.00000800.00020000.00000000.sdmp, Offset: 03290000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_3290000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 2b0319a385eec7c9bfe163787035fdb955b95027bf5a58fdb62c2cecdf5397c6
                                                                                                                                                                                                                                      • Instruction ID: 57e08933972d963b13adabbd3617715e4e0ef2de20d96712c6cf67f658a7378d
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2b0319a385eec7c9bfe163787035fdb955b95027bf5a58fdb62c2cecdf5397c6
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D831A130B142069FCB01DF78D5649AEBBF9EF89210714849BE445CB365D630ED45C7A1
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344270755.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_64f0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 110de1354542a9b8e58e5aa78aefe1ca6efa21ebd8e69e0eb12b917985f48f54
                                                                                                                                                                                                                                      • Instruction ID: 71a42513e6729f26489216d6bae1d9199021352e13edd5b5e9cd2c35a0026513
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 110de1354542a9b8e58e5aa78aefe1ca6efa21ebd8e69e0eb12b917985f48f54
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F62108307242A45FD7529778A41476A7BE5EF8A710F0440ABE24ECB792CA24DC0587D5
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344270755.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_64f0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: e4a5630cb37bb9bcc65e91af9e591e2fc633c8ad94ab6b74f377edff1cb55917
                                                                                                                                                                                                                                      • Instruction ID: 3e259c9bd64eb577d981de06169f60ce2cbdedcbf293cb07643b1e47c2266cc7
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e4a5630cb37bb9bcc65e91af9e591e2fc633c8ad94ab6b74f377edff1cb55917
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 37313031A047409FD7199B29E8406ABBFE6EFC9340F04893EE54ACB350DA71D94AC7A5
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344040063.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_60e0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 1bfeb50b28f06ed90d9ddc26f5f8357027bf78ec1086af992066171cc597c15c
                                                                                                                                                                                                                                      • Instruction ID: 705eab46ee995af40949f975f3f5a2523df179948044dcb708ac05867bf8716d
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1bfeb50b28f06ed90d9ddc26f5f8357027bf78ec1086af992066171cc597c15c
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 78314B30B402158FCB59DF69D564AAEBBFAEF88300F148429E846E7354EF749D01CB91
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344040063.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_60e0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 7b6424b9f6a722a347274b0914789c59eee0b4cf33c12745cc71a322cecda47a
                                                                                                                                                                                                                                      • Instruction ID: 7eca1aaf363b4f50785db536b1e722c4f67cdd86faf908ed999e76cc119ef7d6
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7b6424b9f6a722a347274b0914789c59eee0b4cf33c12745cc71a322cecda47a
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B231D030A403269FCB95CF69D840AAEBFE5EF89310F14856AD446DB3A1DB31D842CBC0
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2337142277.0000000003290000.00000040.00000800.00020000.00000000.sdmp, Offset: 03290000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_3290000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: c54b6aef6c27257e4229eaead4c3186f652440a1e021a7e288043ad5a4b24fc6
                                                                                                                                                                                                                                      • Instruction ID: 6d3f3ab90af80afb6ca2b5c7840d68debcace79f47e0ecc7eeb82b12bdcb9b05
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c54b6aef6c27257e4229eaead4c3186f652440a1e021a7e288043ad5a4b24fc6
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5A318F757002165BDF04DB69E9A0A6EBBAAEFC8350B04842AE905CB348DF74DC45CBD5
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344040063.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_60e0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: c2d1d587be063c6abe3e64b84133e69467d3c33cc2dc929210b82826a9c1ee4a
                                                                                                                                                                                                                                      • Instruction ID: 4f1b9664e9841fa127e783fc85554b7c19e959bcd3b7f05d0867c3acc5317336
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c2d1d587be063c6abe3e64b84133e69467d3c33cc2dc929210b82826a9c1ee4a
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4C219435B80124CFEBE9462894957FE7BE7DBC8151F158927E517C3380DB398881CB92
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344270755.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_64f0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: d55293a01afcfea6f412883fb94f1eef33bfb17e4b3ef400eedcf7c3b25e4a53
                                                                                                                                                                                                                                      • Instruction ID: 9d2d20c6ba3c6a035aa866cdc57abe59460e8856d597815c944ce86f8263cd6a
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d55293a01afcfea6f412883fb94f1eef33bfb17e4b3ef400eedcf7c3b25e4a53
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 09316D70B006058FDB14CFA9C58099AFBF6FF8C220B14956AE49AAB765D730ED41CF90
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2337142277.0000000003290000.00000040.00000800.00020000.00000000.sdmp, Offset: 03290000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_3290000_Update.jbxd
Memory Dump Source
• Source File: 00000003.00000002.2344040063.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_60e0000_Update.jbxd
Memory Dump Source
• Source File: 00000003.00000002.2344270755.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_64f0000_Update.jbxd
                                                                                                                                                                                                                                      • Opcode ID: ca38fed6132f61c196a5d145956bba4bdde5667676cd41c18a48de867327eb9c
                                                                                                                                                                                                                                      • Instruction ID: b059fcb01562355a7e029302c411e620becf5c434dc30189338089de721f95bc
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ca38fed6132f61c196a5d145956bba4bdde5667676cd41c18a48de867327eb9c
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A3317C39A106059FDB14DF68C98499EBBF2FF88210710856AE90AA7365DB30ED05CF50
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344040063.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_60e0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 1bc6f840fd3b2c05de50ddd463561a7e326b4beedbae49591e3d06c353723927
                                                                                                                                                                                                                                      • Instruction ID: f112365fb52fb7f594f780e06a09e652993e27d8e6f3c9475903db2d3faecadf
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1bc6f840fd3b2c05de50ddd463561a7e326b4beedbae49591e3d06c353723927
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: ED314A347402158FC704DF6AD984A6ABBFAFF88700B1581A9E506CB3B1DB71EC00CB50
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344270755.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_64f0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: d2be71d4572808eaa4530b7cffb660050116799aa74bfba06e13fa94c7cc167e
                                                                                                                                                                                                                                      • Instruction ID: f7ab60370eb5dd46d7126426dd9c3370bbf518899811d60b6693609b9e70d2f5
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d2be71d4572808eaa4530b7cffb660050116799aa74bfba06e13fa94c7cc167e
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: EC216B34B102059FCB54CFA8D888AEABBF5EB59350F15856AE906E7351DB32DD01CB90
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344270755.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_64f0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: f7b6dbbb9f167f5a675a86796c5da21cddb7b0cdc4bb21da58b4eb2a2ae2df7b
                                                                                                                                                                                                                                      • Instruction ID: 6ea5256e1c65717e1d8ee7a5ad1b63c5bcccde7a4645dd9672f58d83fb73852a
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f7b6dbbb9f167f5a675a86796c5da21cddb7b0cdc4bb21da58b4eb2a2ae2df7b
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: AC219F71E1121A9FCF41CFA8C8805DEFBB2FF89310B158217E805BB254D770AA468BA1
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344270755.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_64f0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 2796b08254392fc2bc148c708632d72affe3d5b81dd6e18a327d3e03e0699e58
                                                                                                                                                                                                                                      • Instruction ID: 72e26d412ea079b1e242ec6127efc38963632eb81e4601ecc52d293f32e4d8d0
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2796b08254392fc2bc148c708632d72affe3d5b81dd6e18a327d3e03e0699e58
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3621EA34B11341AFDB55AF24D464AAF7BB1AF85600F14405BE515DB392CF309945CFD1
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344040063.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_60e0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: b8ed28471dd8c5718a52856a50f54d3c5bc35661e794ad47e62d8258caf90453
                                                                                                                                                                                                                                      • Instruction ID: cb0309c6683a10ad5267fd55dda31a550562ea11b09b4c0b6bb7dfd78f69becc
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b8ed28471dd8c5718a52856a50f54d3c5bc35661e794ad47e62d8258caf90453
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5D210670A007058FDB64CF69C54098EBFF6FF88310B1485A9D45AA7390C731EE44CBA1
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2336519306.000000000183D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0183D000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_183d000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: df90ca00db73b0854f0023a416b183d1aef473cb2f86ec984d689a4986b814e7
                                                                                                                                                                                                                                      • Instruction ID: 423f18233e15de2b5d228be1853e068799180b1f81e42bd165ae0bc89bfc9750
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: df90ca00db73b0854f0023a416b183d1aef473cb2f86ec984d689a4986b814e7
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: DD21E271500244DFCB059F98D9C0B16BF66FBC8324F688669E9094B256C33AE516CBA2
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2336519306.000000000183D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0183D000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_183d000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: dfd98a44344a98da9126711c38bd72abfd940a6b4be2748e2cfcab248fd0727e
                                                                                                                                                                                                                                      • Instruction ID: 3154a13442419844b620c5c7ff7683a347f5e7d4546ea0d9bd8cc074a92d3324
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: dfd98a44344a98da9126711c38bd72abfd940a6b4be2748e2cfcab248fd0727e
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3D210871504204DFCB06DF98D9C0B26BF65FBC8314F68C669E9094B296C33AD516DBE1
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344270755.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_64f0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 2fbc6fba62058f39243ed3165c83a4be25c6c82c84eb936175695e953e993720
                                                                                                                                                                                                                                      • Instruction ID: 2fd52b2e85e3de7c87aa424b71da161995a4218cd8e11bb0f47e531e4f2fbe3b
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2fbc6fba62058f39243ed3165c83a4be25c6c82c84eb936175695e953e993720
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6021577220A3805FCB469B34EC118A93F35DB4721530840D7F24ACF263CA159C06C7F2
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344270755.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_64f0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 9c26c4c8c882aedbed4687064e374df21475a747efd5cc30bac1dabeb3def7a4
                                                                                                                                                                                                                                      • Instruction ID: 1232b8c1824df660ffefe54271f0654b414376a5a74b8e7d8cf70470194b1629
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9c26c4c8c882aedbed4687064e374df21475a747efd5cc30bac1dabeb3def7a4
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: CA213C343106018FC754DB39D994D1AB7EAEFC931471484AAE54ACB376DA30ED05CB91
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344270755.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_64f0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: d967088dd29bdb61f10ccb7c21a168c158719e1947b0b4fc7345f0df3ef60898
                                                                                                                                                                                                                                      • Instruction ID: 8ba584dcbb6916b6a8e7bda1ad678a32d32f3921293ea6578f22aed0dcf43b2b
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d967088dd29bdb61f10ccb7c21a168c158719e1947b0b4fc7345f0df3ef60898
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 73313C74A00215CFDB14CF64C890A9DB7B2FF85300F1080A9D409EB365DB31AE86CFA0
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344270755.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_64f0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 424c72de80d12ba526a3c2d8601652c4819ab4f9e9a69332dd159adce9f91cd1
                                                                                                                                                                                                                                      • Instruction ID: 4fb0f2a90608d8eb2f709b3e8650f88ced38269a885a6b77dd6c547933737e3d
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 424c72de80d12ba526a3c2d8601652c4819ab4f9e9a69332dd159adce9f91cd1
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8D215375A0021A8FCB50DFA8D9849AFB7F6FF88310B108569E916E7350DB30E905CBA1
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2337142277.0000000003290000.00000040.00000800.00020000.00000000.sdmp, Offset: 03290000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_3290000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 16de337461c1359ff3185afac4a131dc90a78a9ace577808ba3a22183eedcaa1
                                                                                                                                                                                                                                      • Instruction ID: efc3e8dbc505e63aab7bbc1f40a9b628eb84a77e22c38cc44877a8d953dfe972
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 16de337461c1359ff3185afac4a131dc90a78a9ace577808ba3a22183eedcaa1
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1E1190313003215BDA1596AEB8D0A6EB69EDFC8254B44843BEA0ACB314EEA4ED4547D5
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2337142277.0000000003290000.00000040.00000800.00020000.00000000.sdmp, Offset: 03290000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_3290000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 72d8f884015223170ab92191c93127b83b78c6430ef69227d1afc3839bcc0077
                                                                                                                                                                                                                                      • Instruction ID: 90ea75bc15252421a2dcb8c9cbffa504d346b4389daaf04078630c259d242508
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 72d8f884015223170ab92191c93127b83b78c6430ef69227d1afc3839bcc0077
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4E313874A1030ADFDB05DF68C458A9DBBB2FF89320F144259E405AB3A5C7759D85CB90
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2336567858.000000000184D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0184D000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_184d000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: bbeac7e220de5cceda95e4157834611aafc9a6ea7fd79be4ad7879c71b1135df
                                                                                                                                                                                                                                      • Instruction ID: c9ec6e0895fd91411effecfebd4dbdd04ad4c484e7bcc026f9878d0f8b646c68
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: bbeac7e220de5cceda95e4157834611aafc9a6ea7fd79be4ad7879c71b1135df
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 33213771504208DFCB05DFA8C5C0B16BF65FB98324F20C66DE9098B356C77AE506CA61
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344040063.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_60e0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 43a1f970660861f206afd23675b5d184afece00c84ba514f7c799392a03465b5
                                                                                                                                                                                                                                      • Instruction ID: dbac5569f2f8e0440c2e69bf31e85bc3fa83d69c206a2dbb2aa4f4699a39658a
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 43a1f970660861f206afd23675b5d184afece00c84ba514f7c799392a03465b5
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5E216D342903058FCB19DF68E480D99BBBAFF843557008B65E4598B626D738FD4ACBE1
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344270755.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_64f0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 7eaa97ebd22a3e99a894f5e61f05a9edfe4577e8ae986ee59eea3f18b65bef91
                                                                                                                                                                                                                                      • Instruction ID: 1a3deda04ce41135b7833244eab4204b35b22fdd3f4b40f9dc0b626427e114c7
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7eaa97ebd22a3e99a894f5e61f05a9edfe4577e8ae986ee59eea3f18b65bef91
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: CE2126316153855FDB02CFA4CC209AB7FB5AF46310B09449BE145DF293D6749D09C7A1
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344270755.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_64f0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 84d650c6b2125664e1c8157ee6b567f311813bab843622668a32f6dcd7bbb558
                                                                                                                                                                                                                                      • Instruction ID: 07d8b025ede626aee9e6e2adc1e5e29f5ec22e2e383bace8ae3d3631016aeb34
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 84d650c6b2125664e1c8157ee6b567f311813bab843622668a32f6dcd7bbb558
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E3211D75E0020A9FCB55CF99DC41AEFBBB5FF88310F108056E915A7361DB749942CBA1
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344040063.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_60e0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 8fda635f7883795fb1eb1949f9facdf02415925c7584be44450519dbcc3fe447
                                                                                                                                                                                                                                      • Instruction ID: 00925c5a8dd32a8243ae8d9c8126a3a24617f50842855b3e56698e2c88c9641b
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8fda635f7883795fb1eb1949f9facdf02415925c7584be44450519dbcc3fe447
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3E21F332C0538A9FCB028B74CC140CDBF32AF87310F050697D480BB1A2E2B4224ECBA2
Memory Dump Source
• Source File: 00000003.00000002.2344270755.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_64f0000_Update.jbxd
Memory Dump Source
• Source File: 00000003.00000002.2337142277.0000000003290000.00000040.00000800.00020000.00000000.sdmp, Offset: 03290000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_3290000_Update.jbxd
Memory Dump Source
• Source File: 00000003.00000002.2344040063.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_60e0000_Update.jbxd
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2337142277.0000000003290000.00000040.00000800.00020000.00000000.sdmp, Offset: 03290000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_3290000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 7df472897c4cdc9e5170f87247013b7a26df54aa4b37137eaae415cb8bd2fd3e
                                                                                                                                                                                                                                      • Instruction ID: 25d6f12869940945580df2f1bac721e1d0e2c21f603a78f0bae4ff0544a5be18
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7df472897c4cdc9e5170f87247013b7a26df54aa4b37137eaae415cb8bd2fd3e
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0311A71A81D2905FE742DB7CE9727D97F34DF8B215F150093C58487292D914990AD662
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2337142277.0000000003290000.00000040.00000800.00020000.00000000.sdmp, Offset: 03290000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_3290000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 2d3a62d5704c73f244f2924a6838a4c66d0fee6f483f0d6778ef66e6f883da2a
                                                                                                                                                                                                                                      • Instruction ID: e7b567bc417c38bba4632d48f402994e31ec308b8e507ddf3885f052cb3bc565
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2d3a62d5704c73f244f2924a6838a4c66d0fee6f483f0d6778ef66e6f883da2a
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: FF11D032E1161ADBCB02CFA4DC804DEBBB6EF86310B154656E401BB260E770290BCBA1
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2337142277.0000000003290000.00000040.00000800.00020000.00000000.sdmp, Offset: 03290000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_3290000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: b8c02b1ecf93878dcc124d8b9b0c362ec05c64f98586d02a8cd486a394ad86b5
                                                                                                                                                                                                                                      • Instruction ID: 2a769d15dc4051f6b82600d2473cc3f3c68893d3802e3e770aecb69ed746291f
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b8c02b1ecf93878dcc124d8b9b0c362ec05c64f98586d02a8cd486a394ad86b5
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4821E475A101159FDB14DB6AD840EEEF7F9EF88310F14806AE915E7350CB31AD05CBA0
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344040063.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_60e0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: e4b9c85173449fc8a1a6348441f0902e7bfac2ed55e9baeab5117c7bf6ed6dca
                                                                                                                                                                                                                                      • Instruction ID: eda32074f74f23e11f5e18cb8973d07d9dc0fcd813974217e0a17c677a483c02
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e4b9c85173449fc8a1a6348441f0902e7bfac2ed55e9baeab5117c7bf6ed6dca
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6621AE71A002558FCB05CF78D4809ADBFF5EF89304B2481AED448EB362D2358A0ACBE1
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344040063.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_60e0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: b30daffa9abc0a56fe613d9e7202c9059d95993d7070769ca669e9f38b87136c
                                                                                                                                                                                                                                      • Instruction ID: 38e7e804029dd86ecb8a5431ba26480d5779cd68532badaa50a247c050410512
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b30daffa9abc0a56fe613d9e7202c9059d95993d7070769ca669e9f38b87136c
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9F21AC303606118FC784DB28C954999BBF6FF89B00701459AE5868B762DB72FD46CB80
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344270755.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_64f0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 7b9da7118884a7466d5d1bdcdc2dd50f4062e954542519cf0e038ce8c895be8b
                                                                                                                                                                                                                                      • Instruction ID: 0dd2fa336ac0990cc5a64d188294bb0b622083fe7c8a6c6a0ffc7828d3334771
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7b9da7118884a7466d5d1bdcdc2dd50f4062e954542519cf0e038ce8c895be8b
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6121F874A001199FDB04CF58D654AEEBBF1AF8C710F258095D805BB395CB71ED01CBA1
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344270755.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_64f0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 2bed7f4d46bd9ba5b58867badd1a5900a1bb75903af31da4f0bd6e43f3665baa
                                                                                                                                                                                                                                      • Instruction ID: 288070cad75fc379042f49c98559e4bf412f5369d5306cdcf946c60eddce9d6e
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2bed7f4d46bd9ba5b58867badd1a5900a1bb75903af31da4f0bd6e43f3665baa
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A2118E353142058FD364CB1AE484A16F7E6FBC9335B14C6AAE58E8B712C631FC82CB90
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344040063.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_60e0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 402f963742765d42928fa373ff0582ccde3b3832c9951369df6aaf5bb12cbcc9
                                                                                                                                                                                                                                      • Instruction ID: f31a846aa3320e40a774e6d9a330a2ed231808a339eb2928871ef5d90779a784
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 402f963742765d42928fa373ff0582ccde3b3832c9951369df6aaf5bb12cbcc9
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D211E5327002149FCB449E2AE990AAABBDEEBC5314B14857EE605CF215DB76DD09CBD0
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344040063.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_60e0000_Update.jbxd
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344270755.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_64f0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: b50906c1a0bc6e8d6d7bd0975368936445ff058efbf18fbe1d5115948d95a5a8
                                                                                                                                                                                                                                      • Instruction ID: 0b0b2e621fede85a89c5f6375c8450a202b0f1e12b26bdb54d0d9e0eb484655d
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b50906c1a0bc6e8d6d7bd0975368936445ff058efbf18fbe1d5115948d95a5a8
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8E11A032A101148FE744CF69CD48B9BBBB6FF85715F1581A6E604DB266C770D904CBA0
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2337142277.0000000003290000.00000040.00000800.00020000.00000000.sdmp, Offset: 03290000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_3290000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: f2c1f08569ac862b1435a41f070b66e1af76ee5ab24a64c64220ad3721b0f88b
                                                                                                                                                                                                                                      • Instruction ID: 35c7bff28229ec52cfa1712a0a749b1664ba263900ca9b287850baaf45f9906c
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f2c1f08569ac862b1435a41f070b66e1af76ee5ab24a64c64220ad3721b0f88b
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 09119E32E1061ACBCB01CFA8D8804DEB7B6EF89310F154616E511BB260EB707907CBA0
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344040063.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_60e0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: cd96baf5354f7a341339df9ab92cae1cf99090534a120110ade4cffab821c827
                                                                                                                                                                                                                                      • Instruction ID: 07c87a00f1278eb7f5554cfcf6021f25e6e15d371cdb646e83602eba1db37dd4
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: cd96baf5354f7a341339df9ab92cae1cf99090534a120110ade4cffab821c827
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 330128313443011FD3195A7AAC9175AFB8BEFC5210F04847AD60ECF3C2EEA59C0983A1
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344040063.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_60e0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 4423712875bf404e154c727beefc151e450d6ba2e5ac56af05c51d966a7830c1
                                                                                                                                                                                                                                      • Instruction ID: f196a630c888733c5b57ae83c25aa34aca7099704772b8561e345dc1fb4a4504
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4423712875bf404e154c727beefc151e450d6ba2e5ac56af05c51d966a7830c1
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: AC117C70A842699FDB54CF69C450AAEBFF1EF48310F18406AD445BB3A1DB719D40CBA0
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2337142277.0000000003290000.00000040.00000800.00020000.00000000.sdmp, Offset: 03290000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_3290000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 6ac7bdb351ef1fb6328cc88fc715294a445e326c72e4f7e61e455852f38302d3
                                                                                                                                                                                                                                      • Instruction ID: 97bb290383f7572ea1422c16bc0ad657144965f7c4392136cdc1aa7cf3bcd260
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6ac7bdb351ef1fb6328cc88fc715294a445e326c72e4f7e61e455852f38302d3
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9B113D36D1060E9BCF11CFE9D9408CDBBB2EF89310F21462AE814BB254E7706A5ACF51
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344270755.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_64f0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 846974732f4eb02b1567413d5f90f65df744c930eac987b659721e011fa7192b
                                                                                                                                                                                                                                      • Instruction ID: 50aa7095a12dd39fa0829e3f6ca36cb0876168f34f97351d378524496f6b7ff8
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 846974732f4eb02b1567413d5f90f65df744c930eac987b659721e011fa7192b
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E411E532C0064AABCB05CFA4D8104DEFBB6EFC6310F114613E95077160DB71265BCBA1
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344270755.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_64f0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 21c2f54cbf345a08ea288f6cda27078a27cb934b8203b348ddc57c7b94ca52ac
                                                                                                                                                                                                                                      • Instruction ID: 585778aa2350d0abc910b58f2a41fbbdf397a21aab785d7fa28f952bb5199911
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 21c2f54cbf345a08ea288f6cda27078a27cb934b8203b348ddc57c7b94ca52ac
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D9114C32D1070A9BCB05DFA8D8404DEBB72EF89310F154613E550B7260EBB0254BCBA1
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344270755.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_64f0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: b6e88f0def527cd7e0f227376b0b627b1cd500f4b5bf78356b1b97bd6ba12d73
                                                                                                                                                                                                                                      • Instruction ID: 5b9b716532db8e17f700850eb14d25924ada395094e452306208e9c585ba7c43
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b6e88f0def527cd7e0f227376b0b627b1cd500f4b5bf78356b1b97bd6ba12d73
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9B01D4357002009FC711DF29E890C6BBBEAEFCA314714446AF549CB325DA20ED01CBA1
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344270755.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_64f0000_Update.jbxd
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344270755.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_64f0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 7d6bb3fe92efa66f179f92fced90f6c02c74722de00ab202258a1c117bf22341
                                                                                                                                                                                                                                      • Instruction ID: 5b1f67b1fed9168f829aa04cdaddaf9fc104e7ea906b106ac9d068296af52118
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7d6bb3fe92efa66f179f92fced90f6c02c74722de00ab202258a1c117bf22341
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1C114C70E242099FDB94CFA9C845BBEBBF0AF44311F01409AD608EB761E7719981CF80
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344270755.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_64f0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: ecf59d5b8d59644714b6befcecaf58f8e47cba8fa1e201593788b45f39834824
                                                                                                                                                                                                                                      • Instruction ID: b7e0c765f87fa94578bbd7cbdd3240acb04aec5734d7a714b944faee547655ee
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ecf59d5b8d59644714b6befcecaf58f8e47cba8fa1e201593788b45f39834824
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: BD01D4393001148FDB45EB6DE454E6E77DAEBC8325B14802AE60EC7751CB34EC0A8B90
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2337142277.0000000003290000.00000040.00000800.00020000.00000000.sdmp, Offset: 03290000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_3290000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 03dd7874e5cf8e29a4bb271344c36ff72622cccf4735d153648553f654a943ae
                                                                                                                                                                                                                                      • Instruction ID: eec1e87e1b4596f641581dc3d1ba14895c5a4de082cdbc47f1b8d6aa1be1df9e
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 03dd7874e5cf8e29a4bb271344c36ff72622cccf4735d153648553f654a943ae
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 19118B32C1464B9BCB06CBA4D9501DDFB72EF86300F164663E511BB1A5EB71254ACB90
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2337142277.0000000003290000.00000040.00000800.00020000.00000000.sdmp, Offset: 03290000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_3290000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: d31c4d0479812d575e98980fb1c323638f3154733718ab26716f80d371a68682
                                                                                                                                                                                                                                      • Instruction ID: f4912c6daa8f34240a3b9198fc4f143449e655193a8df58c3d5f36ea39b2a2d5
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d31c4d0479812d575e98980fb1c323638f3154733718ab26716f80d371a68682
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: AC01D672F242299BEF04EB68C415B9E76F6AB48700F14041AE502FB391CEF54D4087A5
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344040063.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_60e0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: f7f4fcf4dde2d5d32bf08cb797bb9e1a74f569cbe86a0d05c7f9bbd9b30d3d14
                                                                                                                                                                                                                                      • Instruction ID: 1da23086970e78c3687d5a04c81cb58c8df4773285204ed6c1e6f7f02a883bcd
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f7f4fcf4dde2d5d32bf08cb797bb9e1a74f569cbe86a0d05c7f9bbd9b30d3d14
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 80112132D0060E9BCF05DFA9D9404DDFBB6EF99311F118626E511B7260E7713A4ACB90
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344270755.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_64f0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 6c2952040dda89cba1e1e655dda918148444ed9844974396e81357f86446b66f
                                                                                                                                                                                                                                      • Instruction ID: 006d7898d94fa1143a8be26f5f0794708219c9deadd974fcacaa83e363675b49
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6c2952040dda89cba1e1e655dda918148444ed9844974396e81357f86446b66f
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F4115B32D1060E9BCB04DFA9D8404DEFBB6EF89310F154616E91077250EBB0254BCB91
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344040063.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_60e0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 3cfde1b6db2d795cfa86a7abe2f550399cf8225163108539d76bc3743dfb588d
                                                                                                                                                                                                                                      • Instruction ID: cc7a026975e13cee8ea6bc87da335f690ba019bae4f6d49de166101f80a6f008
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3cfde1b6db2d795cfa86a7abe2f550399cf8225163108539d76bc3743dfb588d
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 13112D32D0061A9BCF05DFA8D9415DDFBB2EF99311F158626E511BB260E7703A4ACB90
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344040063.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_60e0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 4a5f6b1e1d47717ca70234b8070b5844689e7b8dc3a8c11ff67550b6f9d65b27
                                                                                                                                                                                                                                      • Instruction ID: 174c5b76ccc775d82e470e0c46d8c72b902e48bcc7031a30a28463b13b94907d
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4a5f6b1e1d47717ca70234b8070b5844689e7b8dc3a8c11ff67550b6f9d65b27
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 33014731A423609FC3A50B29A4116BA3FDDDBC2310F14857FD542CB256CA7ACD46CBD1
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344270755.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_64f0000_Update.jbxd
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344040063.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_60e0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 266e304af1ffb52ee7b1af1afab711f27189328bac192b4b94ad68328b78351a
                                                                                                                                                                                                                                      • Instruction ID: d2b0c8af9f6c30eef681beb4aaebb6f8ce305c10f9487260d96891534a9b46fa
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 266e304af1ffb52ee7b1af1afab711f27189328bac192b4b94ad68328b78351a
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5101F931D2015A9FDB149B74C4195FFFFE59F84300F14882AD583E7250EE70594687C1
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344270755.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_64f0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 488a607ebf739cf84d5bb70143f02a181366dd2c873d996cdb17993f711d3174
                                                                                                                                                                                                                                      • Instruction ID: 3c37df867265ab79bd7df16cf2348422ae8a42106909624f1b60274b6f1b9afa
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 488a607ebf739cf84d5bb70143f02a181366dd2c873d996cdb17993f711d3174
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C401B131B202099FDF14CBA5C8509AFBBF6AF48350F00842AE406EB355DBF0A9058BC1
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344270755.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_64f0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 982910c9126832f103b4c12f7ed299fcfd85ee17e8ba215712d549b21191a2a8
                                                                                                                                                                                                                                      • Instruction ID: 9021f015e50b88b1ec31bb51df298fb794ec3c9386c1c1a4f220bad40d322338
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 982910c9126832f103b4c12f7ed299fcfd85ee17e8ba215712d549b21191a2a8
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9801D831B102099FDF10CFA4C8549AFBBF5AF88350F00842AD506DB345DBB0E90587C1
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344270755.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_64f0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 9c63e149db168904362f01e501f2aef816c9f6b9b31c68ccb5d2c6f9badf11c0
                                                                                                                                                                                                                                      • Instruction ID: f60bba813abfa570face2db5ae7ed5f7c8c6d1ad837a75f3d7bee899ade0ebb7
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9c63e149db168904362f01e501f2aef816c9f6b9b31c68ccb5d2c6f9badf11c0
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C401A42195F3E06FD703AB789DB08E27F789E4721470A81D7E484CF1A3D519891AC7AA
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2337142277.0000000003290000.00000040.00000800.00020000.00000000.sdmp, Offset: 03290000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_3290000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: c9545e3018623fad6b1a232282014af80600109974d7f20e19d573973c5fc6c3
                                                                                                                                                                                                                                      • Instruction ID: eaeb980f417823bf2041d58ec5640272715a90676951f20ee1065d3019988e67
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c9545e3018623fad6b1a232282014af80600109974d7f20e19d573973c5fc6c3
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7D0140766006099BC70ADF2DC5905AEB7E6BFC5204314C96AC4498B764EE31E90A8BD5
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2337142277.0000000003290000.00000040.00000800.00020000.00000000.sdmp, Offset: 03290000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_3290000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 1951a314bac465e5547f6ccd919c547a315f05d655a303c00f855be2581ab57f
                                                                                                                                                                                                                                      • Instruction ID: de8e33f1f2e8b00ee9625f588e2cf763d4da8031099a62c5beea79a7fcb23567
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1951a314bac465e5547f6ccd919c547a315f05d655a303c00f855be2581ab57f
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A201D6313002016FC301DBB9D99085A7BADEFC925031589AAE449CF225DA25DD468790
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344040063.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_60e0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 140b245ff83a0d89a4afff03335d4cf552c9c76dc77ae76811e1a5fa7316a21e
                                                                                                                                                                                                                                      • Instruction ID: 6f4f0153233e92a8d4c9a4021a822af961fd3e3f75fbd0bdab5ba4311e532815
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 140b245ff83a0d89a4afff03335d4cf552c9c76dc77ae76811e1a5fa7316a21e
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 92F0683A7007108FC3655B7AE49842ABBE7EBC8565314817EFA0AC7311DE32DC05C761
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344040063.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_60e0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: a6be4cb65a111a2b9c6d41aed4e6637c171dc6e486c85e042f6c01e9d1a61dbf
                                                                                                                                                                                                                                      • Instruction ID: f9067260f6920d075270a51527b4c53f72b5d7ffd31f19feab50f4bc9854484c
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a6be4cb65a111a2b9c6d41aed4e6637c171dc6e486c85e042f6c01e9d1a61dbf
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1BF0D1327413219FC7944A6EB4106BA7B9ADBC5321B14853AD60ACB245DA7AC846CBC0
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344040063.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_60e0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: a9b225c473dfd002bc4a8ea24a34a5e78aa1e7823b24c5194e5856530befcd51
                                                                                                                                                                                                                                      • Instruction ID: 5fa756ec12cc55ca1e721834af3d8bd6faef109ab14c9881e3e59910068a443d
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a9b225c473dfd002bc4a8ea24a34a5e78aa1e7823b24c5194e5856530befcd51
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4201F431D5024A8FDB149FB4C41A5EEBFF59F54351F14483AD482E7250DE70254787C2
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344040063.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_60e0000_Update.jbxd
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344270755.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_64f0000_Update.jbxd
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344270755.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_64f0000_Update.jbxd
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344040063.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_60e0000_Update.jbxd
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2337142277.0000000003290000.00000040.00000800.00020000.00000000.sdmp, Offset: 03290000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_3290000_Update.jbxd
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344270755.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_64f0000_Update.jbxd
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344040063.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_60e0000_Update.jbxd
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344270755.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_64f0000_Update.jbxd
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344270755.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_64f0000_Update.jbxd
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2337142277.0000000003290000.00000040.00000800.00020000.00000000.sdmp, Offset: 03290000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_3290000_Update.jbxd
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2337142277.0000000003290000.00000040.00000800.00020000.00000000.sdmp, Offset: 03290000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_3290000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 89c946512dc4eb4d09b0246a0a11fc98632e48d928887b7764a8582b505ec21a
                                                                                                                                                                                                                                      • Instruction ID: 0fe6be9e0e3101a2fc1a9ee4983e14ba25a2dbe0b68041784b8b16662adf60da
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 89c946512dc4eb4d09b0246a0a11fc98632e48d928887b7764a8582b505ec21a
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: CDF0FF317003108FC7059B34E490A2E7BAAEBC93113644579E60ACB310EF7AEC06CBC1
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344040063.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_60e0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 49c858617d5cdf580a60adc7940c3151b6cff670f9b4d9454b13a5a9cabc6dad
                                                                                                                                                                                                                                      • Instruction ID: 463ebb0a566ced7e775584b0163e6eb4146c23af5ec72bce5a60c43d46d6726f
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 49c858617d5cdf580a60adc7940c3151b6cff670f9b4d9454b13a5a9cabc6dad
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 44F08C31341B119FC755DB29E94494ABBAEEF85210704C6AAE14ACB662D720EC45CBE1
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344040063.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_60e0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 111e07f798eddcf55c0ba82e0c0c1633897c15e2e257fb436f541c3efb463201
                                                                                                                                                                                                                                      • Instruction ID: 4539b9348d6a873f41c1900984eab6d020822b067497013499139c985c2df0de
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 111e07f798eddcf55c0ba82e0c0c1633897c15e2e257fb436f541c3efb463201
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D4F049313802248FC794DA6AD94491EBBEAEF99661701927AF916CB360DA71DC01CBA1
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344040063.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_60e0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: bc38268bc1a71e12d4f190f361337d775104a68556411a3822ba3638d6292a07
                                                                                                                                                                                                                                      • Instruction ID: bd25282b8bce5d86320e502fe3116f4ca30ebc2e14a5823767e6bd9c88265d4e
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: bc38268bc1a71e12d4f190f361337d775104a68556411a3822ba3638d6292a07
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 71F0A7357413645FC7251669A4144BA7FEADAC61A230881BBF609C3641CE258C02D7A1
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344040063.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_60e0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: d02759554f44787e64c9bbc293a2bc3b6294d5a93f2b70b3257b13c865f7b190
                                                                                                                                                                                                                                      • Instruction ID: 5d5e01b27dc813cd28e08b3a2452444677d5bd52dc039bf1adcd8989b76143da
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d02759554f44787e64c9bbc293a2bc3b6294d5a93f2b70b3257b13c865f7b190
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 36F05437B443149FC7649B76F8445AE77E9DBC4231715807AF609D3741DF3599018B90
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344040063.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_60e0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: bfe1d2529bcab5cfb40c2c8ea82bec41263e3845c3bbecec9b49f61bd7cd51cc
                                                                                                                                                                                                                                      • Instruction ID: d4e493dab2b6b2174f8a4f60443e79cb19000f8762b285f273af44948fcc3950
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: bfe1d2529bcab5cfb40c2c8ea82bec41263e3845c3bbecec9b49f61bd7cd51cc
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 28011631200B029FC758DF29E58494ABBEAFF883147408A29E58AC7B24DB70F955CBC1
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344270755.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_64f0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: e34d51d27b05bb0c2df542522b4bae91b0c50198971e42f00678d17dd85643c9
                                                                                                                                                                                                                                      • Instruction ID: 4ddb74a3f0db66adfdc65922e4de02bd857e3a83d3c0dd4d5bdac59f3ab7f3af
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e34d51d27b05bb0c2df542522b4bae91b0c50198971e42f00678d17dd85643c9
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 51F0BB32D1014AA7DB159760C4199EFBFF69F48310F15482AD502BB340EF70590BC7D1
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344040063.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_60e0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 99d5d730b241ee77faca68e217e5b988b1bc9d7b9dc58b4acde031cc9201eb39
                                                                                                                                                                                                                                      • Instruction ID: ab320bffd0c6440808dbf239a422647ed798d9c40f3f8b02c97d93f257898c43
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 99d5d730b241ee77faca68e217e5b988b1bc9d7b9dc58b4acde031cc9201eb39
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7EF0F0327083116FC7259B68EC4086EBFEAEF892603084A3AE556C7252DA71ED45C7E1
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344270755.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_64f0000_Update.jbxd
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2336519306.000000000183D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0183D000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_183d000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 629e2f18130714c3eef7f864ce40f37dd1957cad8c87e18a950a3a0aee46174c
                                                                                                                                                                                                                                      • Instruction ID: b7e57948bc8a31e6b9acf2dee34fd48123c5f2bfbe5e144ea4ce73c76db6bf09
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 629e2f18130714c3eef7f864ce40f37dd1957cad8c87e18a950a3a0aee46174c
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 59F0CD72005344AFEB218A0ACC84B67FFA8EF81724F18C55AED484F282C2799844CAB0
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2337142277.0000000003290000.00000040.00000800.00020000.00000000.sdmp, Offset: 03290000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_3290000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: f3764081f8480636b61c7e3a1f6160e0bedcabb9e5c8bffa622376b0566419e8
                                                                                                                                                                                                                                      • Instruction ID: fd002757abce0941bc1d4d32a157915af6c1f7ffc218c8375aa9864b50dd5ab7
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f3764081f8480636b61c7e3a1f6160e0bedcabb9e5c8bffa622376b0566419e8
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B1F090369202099BDF15DB64D415AEFBFB6AB48710F01482AE416AB340EFB4294BCBC1
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2337142277.0000000003290000.00000040.00000800.00020000.00000000.sdmp, Offset: 03290000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_3290000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 1007e049547dae42699b9b169112d1f0509e2b0fe8aece9a53897e60076965ca
                                                                                                                                                                                                                                      • Instruction ID: 07ed150c9a2059f1d99c3da754638a9a0502a7fed22fb53aa2915b39e13a4e70
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1007e049547dae42699b9b169112d1f0509e2b0fe8aece9a53897e60076965ca
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D5F050725047154FE714CF1D9491455FBE2FED5210784456FC14EC7260EB35A80BC7C8
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2337142277.0000000003290000.00000040.00000800.00020000.00000000.sdmp, Offset: 03290000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_3290000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: ffa115c3f58d7338250a39fe252c4862f01d56d15e6f9bd562c638dc1bf66ef0
                                                                                                                                                                                                                                      • Instruction ID: 41fb308d46e23ed6c2e059042105de5da26d35df75a18d44ce83d163355afbf4
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ffa115c3f58d7338250a39fe252c4862f01d56d15e6f9bd562c638dc1bf66ef0
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: FB019774A2170ACFDB14DF59C544A9DFBB2BF49320F198295E018AB3A5C7359D81CF50
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2337142277.0000000003290000.00000040.00000800.00020000.00000000.sdmp, Offset: 03290000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_3290000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 226cc891612214372aecb4201e1aabdb6011888f631109ae6df0fce30790ea22
                                                                                                                                                                                                                                      • Instruction ID: ee57b2c16f61223c41fff50de97402fca4a7da426672cfe41016396c6e3b5394
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 226cc891612214372aecb4201e1aabdb6011888f631109ae6df0fce30790ea22
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 86F02B76D201499BDF15DB74C5566EFBF769F88310F09842AD002BB241EE745507C7D2
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344040063.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_60e0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 6f16ce95ef82a2110f475d4213343d51f9441374b19d074725045eaf275adbc1
                                                                                                                                                                                                                                      • Instruction ID: d51e5695261534c0b83051fc3d3d8abf0a96d659d50740ceb16316c693b15cc0
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6f16ce95ef82a2110f475d4213343d51f9441374b19d074725045eaf275adbc1
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1DF01935A001099BCB18DFA8C4004D9FBF1EF9C310B14856ED995B7200DA326956CFA0
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344040063.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_60e0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: d18a939cbd89f2fd246f9cfe901af847b48d11c6a0e228aefabfce9ba4a299e8
                                                                                                                                                                                                                                      • Instruction ID: dc9b8f44b65bd8ad32b0cf21105ae2ea24772b2faaff858c259ad16e7eddac9e
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d18a939cbd89f2fd246f9cfe901af847b48d11c6a0e228aefabfce9ba4a299e8
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C5F0FC30E053D65FCB61CB79DC544DEFFF59E4222470486ADD4A5C7142E7316806CB91
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344040063.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_60e0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: b229375c3105452766e06f889cf0310656d12ac0a2b4295d8e8067614e833154
                                                                                                                                                                                                                                      • Instruction ID: 3e681eeefeccaef29b5ab1f7a1c61f0e1c7780aed0c07d0d9bd25ce277a8e947
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b229375c3105452766e06f889cf0310656d12ac0a2b4295d8e8067614e833154
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D2F0E936A453519FC7668B76D80445E7FF9EF8522031540BEF515C7342EB39D8018B90
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344040063.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_60e0000_Update.jbxd
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344270755.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_64f0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: d34a2cf56c0cf9d5c09bf9d51dad7cf82efd3de6e0050e05a3dec2eca3e65168
                                                                                                                                                                                                                                      • Instruction ID: b3b946a24f99bdd2cc26e97ba532689010d994db7e6276480a7f18ac51a8de5c
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d34a2cf56c0cf9d5c09bf9d51dad7cf82efd3de6e0050e05a3dec2eca3e65168
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C9F039753001104F8B84AB7EE894D2A7BEAEFCA66131104BEE20ACB3B1DD21DC0587A4
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2337142277.0000000003290000.00000040.00000800.00020000.00000000.sdmp, Offset: 03290000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_3290000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 5beea6a4e03061d0d8febf37a0a8f4eb75e09287d7ea0b9ff225b9fefda9bf9b
                                                                                                                                                                                                                                      • Instruction ID: bf75801a7d83f2a66eeae97522d68db5e9e377c6080568fafc145f8838135cac
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5beea6a4e03061d0d8febf37a0a8f4eb75e09287d7ea0b9ff225b9fefda9bf9b
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: FFF0E232E201099BDF15DBA4C4159EFBFB69F88300F00882AD012BB350EEB06907C7D2
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2337142277.0000000003290000.00000040.00000800.00020000.00000000.sdmp, Offset: 03290000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_3290000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: aeac1e6fa23b24bd7ce739ed8c631d4e6d4a4e19a190e61315ca68e63e59433d
                                                                                                                                                                                                                                      • Instruction ID: 6b0415e88d3e569a10c45e57768096e3d217eccd5f3f17a8a73667dba82f452d
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: aeac1e6fa23b24bd7ce739ed8c631d4e6d4a4e19a190e61315ca68e63e59433d
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 93F04F31A40209EFCB04EFE8E991B6DBBB9EB84300F608165D8019B244DA75AE05DF91
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2337142277.0000000003290000.00000040.00000800.00020000.00000000.sdmp, Offset: 03290000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_3290000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 732dde2a7f518ebe7232d6fe01c0c6713da53a370df231921f4c2d05007112d6
                                                                                                                                                                                                                                      • Instruction ID: 69b87a56f9c383c8e1f19b2ea330ac418998f553753d7effc2c788a75286ecb7
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 732dde2a7f518ebe7232d6fe01c0c6713da53a370df231921f4c2d05007112d6
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4AF054329201099BDF15DB64C4655EFBBB6AF44310F05482AD412A7240DE746906C6D2
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2337142277.0000000003290000.00000040.00000800.00020000.00000000.sdmp, Offset: 03290000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_3290000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 1480a8172c8d2a50636f4e03a9daa38f6accd4ed116ec9aa80d7cf57b85b2168
                                                                                                                                                                                                                                      • Instruction ID: 8bc6fa44c110ede095672cf2305d5d36105e416e64cbf4a9e9dbc8c6317eeac0
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1480a8172c8d2a50636f4e03a9daa38f6accd4ed116ec9aa80d7cf57b85b2168
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7CF08232E202499BDF15DBA4C4559EFBFB69F88310F05883AD513BB240DEB46946C6D2
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344040063.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_60e0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 3d5e52d9b93fbdcea110c5a3fd7b10ddd027468aecd49cefd8d0971726cbc0cf
                                                                                                                                                                                                                                      • Instruction ID: 9491e576d92f3dc68b0f36f12599b7f520e64e8d1c84a582d35c9eba75d76732
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3d5e52d9b93fbdcea110c5a3fd7b10ddd027468aecd49cefd8d0971726cbc0cf
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C5F05431E002699FCF50DBA9E8044EEFBB5EE84625B00C56ADA6DE3100E730A615CB90
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344040063.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_60e0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 2234a9ff2d50826de738c2c7b249e81385c091ba695e34fb8e0d9013af771914
                                                                                                                                                                                                                                      • Instruction ID: 4d510037bc5d4bfd6025458fe90b87df65af82c12bbf6006ccfa0abb3c28f8bb
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2234a9ff2d50826de738c2c7b249e81385c091ba695e34fb8e0d9013af771914
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A1F01C323042255FC7589A69E88086EBBEEEBC8261704463AE519C7351EA71AD4587E1
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344270755.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_64f0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: ac324d8d46a0f538fcbc574c454f7c67bd8a5d0ba1ebe42683eed412f561d270
                                                                                                                                                                                                                                      • Instruction ID: 553c626163a7569dd9c21a0dc0ddf64b9d131a12d94a72a48f5b89fd6c371172
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ac324d8d46a0f538fcbc574c454f7c67bd8a5d0ba1ebe42683eed412f561d270
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2BF08932D1010997DF15DB64C4155EFBBF69F44310F05442AD502A7240DF74590BC6C1
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2337142277.0000000003290000.00000040.00000800.00020000.00000000.sdmp, Offset: 03290000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_3290000_Update.jbxd
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344040063.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_60e0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: a0bde4b38de8521468e900ab6a21dd0409a1a48947089e5eb46f2f2a3a7b5fd0
                                                                                                                                                                                                                                      • Instruction ID: 9ad9a874449aeaeb244cec3932c3ad789690b7eda6f3219c18506b46e30a2f29
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a0bde4b38de8521468e900ab6a21dd0409a1a48947089e5eb46f2f2a3a7b5fd0
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A7F0A0312402115BC7149B5DE440A997BA9EBC1325B08853AE20DCB651DB76EC4ACBE0
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344270755.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_64f0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: a896a806882a0eca2c286945be186465ee8f2256fe0f1822412c28ac2237d3e1
                                                                                                                                                                                                                                      • Instruction ID: 401744e092960613fd9f9a07f353cb421c57854436d1a06782621b9f70455bfd
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a896a806882a0eca2c286945be186465ee8f2256fe0f1822412c28ac2237d3e1
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 56F01C6410A2805FC712DB60CD61952BFB1AF9B200B0DC1C6E485CB357C625ED86C7A1
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344270755.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_64f0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: fd0c1422ddb1ae129d593e096b2ada30cc410b27d4636cc52ae650aee10c85d8
                                                                                                                                                                                                                                      • Instruction ID: b50dd2adb72f59d970c727c3b48dcd6a654db0968ff141b7e058a7d0cbdd7ccb
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: fd0c1422ddb1ae129d593e096b2ada30cc410b27d4636cc52ae650aee10c85d8
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 91F0A0702052407FD3098618DC10EABFBADEFC5310B04896AF444CB265C6B59D468BB5
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344270755.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_64f0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 9110ade61466b4fb8c28fb42fe61a64f5e2c654e4430543c8cefcdb9ef179c9c
                                                                                                                                                                                                                                      • Instruction ID: 262705ef1c5836da4450d0e4d14e4ffc06626f3d3669d01e069ec848faf2b9b4
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9110ade61466b4fb8c28fb42fe61a64f5e2c654e4430543c8cefcdb9ef179c9c
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C0E092357142409FC2118F6AE8509637BF9EFCF2207041096F585DB312C620EC02CBA5
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344040063.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_60e0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: d781af628bd72af0d9d694014d554f6bcb7384bcba9847b065e2f963e7af7a72
                                                                                                                                                                                                                                      • Instruction ID: a97585a90268676c57280187594e76899f37e30d1b0529f555a062ea0aff4e41
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d781af628bd72af0d9d694014d554f6bcb7384bcba9847b065e2f963e7af7a72
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E8E0DF36B405208F8BCAB77C64A41BE7B93ABCC0013108039E72BC3384FE358D020392
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344040063.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_60e0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: ed11141d72858a4a49a05f8542a001cbc37555c4c84dd1e950bad8f6bcc731a4
                                                                                                                                                                                                                                      • Instruction ID: 0453252c7430339b2a2fd20ce7d11ce34fd4e80e57e00276bd65919fc2de9f17
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ed11141d72858a4a49a05f8542a001cbc37555c4c84dd1e950bad8f6bcc731a4
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 31E04835B405214F8BCAB778646417D77D7DBCC1113548079E66BD7344EE358D034396
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344040063.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_60e0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: e298623889d98f98c52d0c66af1cec755636b1283f2079acb049333171174ca5
                                                                                                                                                                                                                                      • Instruction ID: 10d6e1d7cc7d087bfc01983f156207be68b5a8627d121d5f70194982fe1b8402
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e298623889d98f98c52d0c66af1cec755636b1283f2079acb049333171174ca5
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4DF0F872204250DFD304DB28D854C667BB6EFDA71532681AAF009CB362C631DC06CB60
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2337142277.0000000003290000.00000040.00000800.00020000.00000000.sdmp, Offset: 03290000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_3290000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: f05e43a4544111dc1ca7af589e97c487db25098a3399745c0c650089bb3c43d3
                                                                                                                                                                                                                                      • Instruction ID: c3c75074eeb8a6a95eb3933a70470e9098d042c2c9c69007e48cad7c20691226
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f05e43a4544111dc1ca7af589e97c487db25098a3399745c0c650089bb3c43d3
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 58F03030A00209EFCB04EFE8E991A6DB7B9EB84344F608169D805AB254DA75AF05DFD1
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344040063.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_60e0000_Update.jbxd
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344040063.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_60e0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 73319fdd099f1286584ebcbc9b43a86341bd70caceffadfe7fdf0ff2b6ffcbe8
                                                                                                                                                                                                                                      • Instruction ID: 760798cd094ab22dbfc45e7947725179f49922ca0917f09fcf2ce22cafc7c65d
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 73319fdd099f1286584ebcbc9b43a86341bd70caceffadfe7fdf0ff2b6ffcbe8
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F7E052762002149F8358DB29E948C66B7EAEFCD76135581AAF509CB321CA71EC45CBA0
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344270755.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_64f0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 69c8ec4c926c552c424eda2af72c5332f796bd7c5d20b3e80d34e96cda7d1476
                                                                                                                                                                                                                                      • Instruction ID: 1ca62e4b6bfeec39975dddf6b10f46f3c53029a4036e068a0940a820b08ef7e5
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 69c8ec4c926c552c424eda2af72c5332f796bd7c5d20b3e80d34e96cda7d1476
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2AE02B306207109FD331DF69E00475A7BE9AF05619F04059ED54A47B62C790F844C790
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344040063.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_60e0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 82110aeb1114a3e67dafc1ecc6fe0283ffefd6e8cbabdad1752ed7ab1cd8a904
                                                                                                                                                                                                                                      • Instruction ID: a8c1965a5061c87cc75e6ba5a19c1a71044c2ae32415a5d62c8420408351e3e7
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 82110aeb1114a3e67dafc1ecc6fe0283ffefd6e8cbabdad1752ed7ab1cd8a904
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B7E0ED70E0031ADFCB84EFBDE5541AEBBF5EB49200B50816AE919E3340E7315A058FD2
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344040063.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_60e0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 59d4ad3358e2edc304a82d29b1acc7bda7d781f10ba3f5a374ab8a3043022da0
                                                                                                                                                                                                                                      • Instruction ID: e2b21f2f7704d3aceb532c7e5217e49af447b4e3d6b3a8ff55edf9f1a582b7e8
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 59d4ad3358e2edc304a82d29b1acc7bda7d781f10ba3f5a374ab8a3043022da0
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1DE02C31FC03349FABE6A27468000AE3BE2EF82020300087BE423C71D0EE32C846C382
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344040063.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_60e0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 2564ce8f8667b0a0a824397abbe623a564e2e6ced7c10885f505bcd8e1efb705
                                                                                                                                                                                                                                      • Instruction ID: b9883fbcda5a3b183c8dd1863f2bfdf3211d02b69792a31f2d9b6c8bebf4d434
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2564ce8f8667b0a0a824397abbe623a564e2e6ced7c10885f505bcd8e1efb705
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E3E092353145009F8314DB5FD888C06FBE9FFC9A2535580BAE54DC7731DA61EC008A50
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344270755.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_64f0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: d548e166234d7c0010d5659d6685ce572d7bd21d993e6ff7ca530bdaa789322d
                                                                                                                                                                                                                                      • Instruction ID: 29417aaa0593c58d27602109491435f7c54750db015b45bf3a12f6d2dd12a6c6
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d548e166234d7c0010d5659d6685ce572d7bd21d993e6ff7ca530bdaa789322d
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: AAE01A393007048BC764EBA5E548956B7E9EF48761B04856AE55EC7B64CB31EC00DB50
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2337142277.0000000003290000.00000040.00000800.00020000.00000000.sdmp, Offset: 03290000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_3290000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 9e9da9767e108d0720b5e7569de2f70c1c1d714ce90496c5e08a1fdf9e61bae5
                                                                                                                                                                                                                                      • Instruction ID: df36d51e033c98a800cd2a4bcfca062369775f0b416cc8f05b51cb528a79e9f3
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9e9da9767e108d0720b5e7569de2f70c1c1d714ce90496c5e08a1fdf9e61bae5
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 45E04F313002046BCB049619E814EBB77ADD7CD760B108029F909C7341CA76ED02CBE0
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2337142277.0000000003290000.00000040.00000800.00020000.00000000.sdmp, Offset: 03290000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_3290000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 81e7eab8929121b2bb4a9369890ab0f1b2a70ff8d60f961a783175a2109ab80a
                                                                                                                                                                                                                                      • Instruction ID: cb6aaaf494e63045208bca7b557839b73beff85529abea60828418d40f76afa2
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 81e7eab8929121b2bb4a9369890ab0f1b2a70ff8d60f961a783175a2109ab80a
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 47E04F313001046BCB049619E814DBB77EDE7CD764B148029F909C7341C676FD02CBE0
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344040063.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_60e0000_Update.jbxd
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2337142277.0000000003290000.00000040.00000800.00020000.00000000.sdmp, Offset: 03290000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_3290000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: cb63567826f9e80e2c86852d7f71634e5f463b93f8012e1acd183c1a337464fc
                                                                                                                                                                                                                                      • Instruction ID: 32627563a88bc880ca153d9702b354df1a34f1f957403e575f14fb69586ca20f
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: cb63567826f9e80e2c86852d7f71634e5f463b93f8012e1acd183c1a337464fc
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 67E04F31901209AFCF04DFB8ED52B9DFBF8EB45314F4046A99808D7240EB356E149B81
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2337142277.0000000003290000.00000040.00000800.00020000.00000000.sdmp, Offset: 03290000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_3290000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: bd2da879f7e26e28b87eeba5006f009d3ff2fa566207b0460595e81876ae6038
                                                                                                                                                                                                                                      • Instruction ID: 751897aa2eb8d91225d5f7464899f297a51c1b87ed11d3b83421598105af2e70
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: bd2da879f7e26e28b87eeba5006f009d3ff2fa566207b0460595e81876ae6038
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E2E026602046825FEB0287355CCA3C0BFB0DF81310B0802DBC2C096042E52C54079353
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344270755.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_64f0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 490dc4a8e1c2fe1148188b4373de8d5f457662ce16c4ed81475c5cf4d2ef8c95
                                                                                                                                                                                                                                      • Instruction ID: 9a8c9cb9c72f5e7d4afb9f19e70785c57d432a056a4d11fc2bed36473dee6420
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 490dc4a8e1c2fe1148188b4373de8d5f457662ce16c4ed81475c5cf4d2ef8c95
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7EE08C363006049FC3548A4DD8009427BEAAF98310B08C069F9458B322C672EC448790
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344270755.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_64f0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: c766c68bd9dd7fbf72d4d580e602fb6c6143fa8405c4317562ef7cf007842803
                                                                                                                                                                                                                                      • Instruction ID: 6af9aac1f2eecea4bcd7f6db34b3cd4a0d9de6b01e23f73feed826f36432d426
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c766c68bd9dd7fbf72d4d580e602fb6c6143fa8405c4317562ef7cf007842803
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5AE09A71E042589FDB54CFA9A84069CB7B4EB84210F1082A6C559EB265DB304955CBA1
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2337142277.0000000003290000.00000040.00000800.00020000.00000000.sdmp, Offset: 03290000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_3290000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 619185767770feafe5320c3ec372089319414794448e12ad7ae9eab01833be2c
                                                                                                                                                                                                                                      • Instruction ID: 654c3ef10e79ba2f86da52bbd4ca40f625e4abfc61e92e904b41256df8074c77
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 619185767770feafe5320c3ec372089319414794448e12ad7ae9eab01833be2c
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: AFE02B323406011FD700E668C844F9977C8AF89798F0200E9F24DCB391EA61EC008BD1
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2337142277.0000000003290000.00000040.00000800.00020000.00000000.sdmp, Offset: 03290000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_3290000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 9f336c3a96a77875b9721b9de5c496d7b684dfb8153e59cea3e89a0fc1d1f2b2
                                                                                                                                                                                                                                      • Instruction ID: f4dd1fe66b9c0f0307cab0eec681e198e914c89084cbef29b6893411286351d5
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9f336c3a96a77875b9721b9de5c496d7b684dfb8153e59cea3e89a0fc1d1f2b2
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9ED012316441149FD758DA49D464AAAFBE9DF88360B1481AAE509C7350DA76A840C794
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2337142277.0000000003290000.00000040.00000800.00020000.00000000.sdmp, Offset: 03290000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_3290000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 7f8dd1f2c593c5c983180ea482dc6b51e4e9bfb728fdac815febf475b928fb8b
                                                                                                                                                                                                                                      • Instruction ID: a82e6ffecb3d84059e1f9f34ba74dd56f8bdda7a020375bf6cbe070eb261dc57
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7f8dd1f2c593c5c983180ea482dc6b51e4e9bfb728fdac815febf475b928fb8b
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 59E08671E0020ADFCB44DFE8EA4175CBB75EB85221F1006E9D448D7650E7301E05CB40
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2337142277.0000000003290000.00000040.00000800.00020000.00000000.sdmp, Offset: 03290000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_3290000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 4c05ea960f05233485e2d67e16045fc75854d7967ae6f2021ea766442d525e26
                                                                                                                                                                                                                                      • Instruction ID: 9472cc0b2c5f312d2657ec92fb1b2aac9e8c1e63885762c1b39762311acb61e3
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4c05ea960f05233485e2d67e16045fc75854d7967ae6f2021ea766442d525e26
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8DE0EC7194210CEFCB00DFA8E95159DBBADEB59304B1085AAD908D7215EB716F049B81
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344040063.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_60e0000_Update.jbxd
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2337142277.0000000003290000.00000040.00000800.00020000.00000000.sdmp, Offset: 03290000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_3290000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: ab541e8d5a151229339ad641a88e65e140522ce3e3c43861712374704052a92e
                                                                                                                                                                                                                                      • Instruction ID: ce4801bd00dc35dff476f77ff6a28496214f4374ec7c1337d51fc0732e4e5034
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ab541e8d5a151229339ad641a88e65e140522ce3e3c43861712374704052a92e
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6CD01730A0420CEF8B40DFA8EA4195DBBFDEB49200B1085A9D809D7200EA316F009B95
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2337142277.0000000003290000.00000040.00000800.00020000.00000000.sdmp, Offset: 03290000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_3290000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 54ea9d60249776f481b2bce3e84b737eba73a00eb730ae5c2a49f0879f3f8763
                                                                                                                                                                                                                                      • Instruction ID: ae75923c0bb3d580c9ddbcf9e32af1c8d95d26e18d9986fd537c318d8bbdfd05
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 54ea9d60249776f481b2bce3e84b737eba73a00eb730ae5c2a49f0879f3f8763
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 52D01730A00209EF8B40DFA8EA4296DBBBDEB84215F1041A89808D7600EB716F04DB91
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2337142277.0000000003290000.00000040.00000800.00020000.00000000.sdmp, Offset: 03290000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_3290000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 05832a8f4d482badcc41659f76104427b0a75be2e31ce50fba973b0d567919ca
                                                                                                                                                                                                                                      • Instruction ID: 9efbe01ad592304ead30f4b4e0160f0041cc65d069c63b24363dafc09cd297c3
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 05832a8f4d482badcc41659f76104427b0a75be2e31ce50fba973b0d567919ca
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 91D01770A4210CEFCB00DFA8FA4195DBBBDEB49304B1081AAD908D7205EB316F049B81
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2337142277.0000000003290000.00000040.00000800.00020000.00000000.sdmp, Offset: 03290000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_3290000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: c7aea4970817a894277f72a9950d98ce8dbf0422e5644326274fcd252c2487e1
                                                                                                                                                                                                                                      • Instruction ID: 7346dd2c7948b0599db35ccfc9abe996dfff67a7288ef5f7bb8cc1f2dbf2c807
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c7aea4970817a894277f72a9950d98ce8dbf0422e5644326274fcd252c2487e1
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A4E01232424758CED701ABA8F4156D5BB74EB55314F00A245F55916611EF70A4D0D645
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2337142277.0000000003290000.00000040.00000800.00020000.00000000.sdmp, Offset: 03290000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_3290000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 1ba2fe1279a8a2941a19fcb30af99818c242bb71d025eb1524c7317b4676df7f
                                                                                                                                                                                                                                      • Instruction ID: 7aa83f211823196fb40b4348fe260f5ba9e9b5de5e166aa9347a70959b6e63a3
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1ba2fe1279a8a2941a19fcb30af99818c242bb71d025eb1524c7317b4676df7f
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 03D0A736B542055F8F109BBCA9405DCB7A0DEC413430081BBC02993566C7B484629B32
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344040063.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_60e0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 4ab9e4111865f1d2161b7bc83a4e1ff8fe335cf6a9cde4eb320f00eb5aeb7482
                                                                                                                                                                                                                                      • Instruction ID: 2a5cbe504b9c746797c54070d84bdd81c6ca2cfb111cf3dbab7fdcf87b323d0b
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4ab9e4111865f1d2161b7bc83a4e1ff8fe335cf6a9cde4eb320f00eb5aeb7482
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9ED05E302183928FD7265B70A469065BFF0EF56200B1498DED0C5CB192EB699D82CB92
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344040063.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_60e0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 1e45e5eabadfcb78d527b84e8b7af2801e07a833110841ff1454d0c2a32f5529
                                                                                                                                                                                                                                      • Instruction ID: 53974df46984aaa456f903ec2eb4dba1da1da81ad4a219421aa96f5b692ac100
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1e45e5eabadfcb78d527b84e8b7af2801e07a833110841ff1454d0c2a32f5529
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 46D0A932F851088FCF108EA8A9000ECBBA0DAC413078002B3C029C32A2CA34C6128362
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2337142277.0000000003290000.00000040.00000800.00020000.00000000.sdmp, Offset: 03290000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_3290000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: ed2d56e6e64d749ef596a2254eb040650d2259d77f10a1f003dd35477fc06d9c
                                                                                                                                                                                                                                      • Instruction ID: c92de3363a1588a48bfa7bb020285eb732d96aa5121468e510e45e84f0b6f3f8
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ed2d56e6e64d749ef596a2254eb040650d2259d77f10a1f003dd35477fc06d9c
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 82D05E22B153545FCF218AB8981049C7B60AA8112170002E3C054C7162C7648554C762
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2337142277.0000000003290000.00000040.00000800.00020000.00000000.sdmp, Offset: 03290000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_3290000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 69376725ada4bfdcee809e72b54c386f5605b0e555f4c6767ef70676fea53786
                                                                                                                                                                                                                                      • Instruction ID: d0b1d98fde902137b55d85f0cc5bf5bb8fc243e12cff1b2a9ef51c15e6209b81
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 69376725ada4bfdcee809e72b54c386f5605b0e555f4c6767ef70676fea53786
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 14D0A7367452845FE7115B709A256B53F31DF5620578C40D7D88CDF2A3DA264C03CB49
Memory Dump Source
• Source File: 00000003.00000002.2344040063.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_60e0000_Update.jbxd
Memory Dump Source
• Source File: 00000003.00000002.2344270755.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_64f0000_Update.jbxd
Memory Dump Source
• Source File: 00000003.00000002.2337142277.0000000003290000.00000040.00000800.00020000.00000000.sdmp, Offset: 03290000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_3290000_Update.jbxd
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344040063.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_60e0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 7cf556cb921b205dd4c9c7235e96cc2105af1fd695d4953c0e080aa34fc6dde5
                                                                                                                                                                                                                                      • Instruction ID: ab28c48b2f1215e8d0633eb4d7be6f544aa637e54fd62ea41343710f2cb0d935
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7cf556cb921b205dd4c9c7235e96cc2105af1fd695d4953c0e080aa34fc6dde5
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 56C08C36B80128CEAB8CA6A478440ECB72AEBC42227008066F22BC2080DF3205114290
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344040063.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_60e0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 0723515d9ad81cd896510b33243a9d0da0e6346871b6d7099f30936532a8179f
                                                                                                                                                                                                                                      • Instruction ID: 2d45fb8af55ece8c4c1c070f533b56d8fdc705326621ca87dd8e6e136ef02ddc
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0723515d9ad81cd896510b33243a9d0da0e6346871b6d7099f30936532a8179f
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9AC08C32B80024CFEB8862C8B8042ECB76AEBC8222F004062F22BC2480DF62091142E1
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344270755.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_64f0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: bdaaafa3af04e119613aa366352183c4a231f200c626bb77d2b75abb9cecee30
                                                                                                                                                                                                                                      • Instruction ID: 284e139a15839a2cbb12ea025211a9e563c565b49f5db7de4615338f75b636df
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: bdaaafa3af04e119613aa366352183c4a231f200c626bb77d2b75abb9cecee30
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 58D01231102714CBC3385BA5E00449177ABEF45326344087DE50A83710CB72ECC5DBD1
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2337142277.0000000003290000.00000040.00000800.00020000.00000000.sdmp, Offset: 03290000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_3290000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: efefb67c885a66eba3cbf9772407fd5802e7e36785828b16f7805c199aa256a8
                                                                                                                                                                                                                                      • Instruction ID: 0da30e3a766ac0ecfddd79393a097c7343190cac7f3be67e13f4b857f1b75443
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: efefb67c885a66eba3cbf9772407fd5802e7e36785828b16f7805c199aa256a8
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0ED0222628C3E18FD302412CAC932982F160A124267CC40FACC80EA283E40D880703C9
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2337142277.0000000003290000.00000040.00000800.00020000.00000000.sdmp, Offset: 03290000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_3290000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: e286b9fb67ee1783883ebc9f29a1e3a965c868c15045b9bcee7b3eb981ef9631
                                                                                                                                                                                                                                      • Instruction ID: 8fcce87b6a5922878f44bbd2f0b0a5a888afe5c8c0c2cb94dd4e5bc735aa99ec
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e286b9fb67ee1783883ebc9f29a1e3a965c868c15045b9bcee7b3eb981ef9631
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 56C0803134011867D7005654D415569775DEB45654B144055E90D8F341DF67AC038BC5
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344040063.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_60e0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: ff3ab1b52ae89ecc8865ffa3d3d45b0f7d624168c36304609a96a08967b48809
                                                                                                                                                                                                                                      • Instruction ID: bfbf795722c45aabd99b25011d1089b3a790697c2be07f0f1624e466c7f12cd9
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ff3ab1b52ae89ecc8865ffa3d3d45b0f7d624168c36304609a96a08967b48809
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 24D012722040605BDA854B5564217797F959B49115B3C84C5F598DF182CA16C9034B54
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2337142277.0000000003290000.00000040.00000800.00020000.00000000.sdmp, Offset: 03290000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_3290000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 2bf33d9f3313652d4b62d0f760aa5dec2a14647346f07d9dcd0f9b5dfc6c36bd
                                                                                                                                                                                                                                      • Instruction ID: 0abd3f8d190107ec16acda159f4923cc8f27c79ff06b220c4bd411258629ce76
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2bf33d9f3313652d4b62d0f760aa5dec2a14647346f07d9dcd0f9b5dfc6c36bd
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 22C08CB13513416AFB058630CE02B393A165BC6364F28C0EAA7049D0E2C66BC857A382
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2337142277.0000000003290000.00000040.00000800.00020000.00000000.sdmp, Offset: 03290000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_3290000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 57d876df992d0a362a2c3a090665a8cab781973e4b2d4b62ecc14510abb3cd82
                                                                                                                                                                                                                                      • Instruction ID: 4dee9e18ab67c1d21363e7926cffb854033cbfb6e3f2de25e235d507c052fab8
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 57d876df992d0a362a2c3a090665a8cab781973e4b2d4b62ecc14510abb3cd82
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6ED0C931814B588AD701BBACD4055A9BBB8EF49314F40965AE54967222EF60E5E0C685
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344270755.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_64f0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 46d45ff3847645fa2afd374a79d2458a91885fbbaf7a0b8885d021f159921a38
                                                                                                                                                                                                                                      • Instruction ID: a94b31ed77a10f191953ab5b14d324cf4ee747e62fde88a219c46f8349cb8115
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 46d45ff3847645fa2afd374a79d2458a91885fbbaf7a0b8885d021f159921a38
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9DD09E7085120ADAEF56CF40D5697AEBB71AF04304F300416D11165180C7780A45CFC1
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344270755.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_64f0000_Update.jbxd
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2337142277.0000000003290000.00000040.00000800.00020000.00000000.sdmp, Offset: 03290000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_3290000_Update.jbxd
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344270755.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_64f0000_Update.jbxd
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344270755.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_64f0000_Update.jbxd
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2337142277.0000000003290000.00000040.00000800.00020000.00000000.sdmp, Offset: 03290000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_3290000_Update.jbxd
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344040063.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_60e0000_Update.jbxd
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344040063.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_60e0000_Update.jbxd
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344270755.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_64f0000_Update.jbxd
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2337142277.0000000003290000.00000040.00000800.00020000.00000000.sdmp, Offset: 03290000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_3290000_Update.jbxd
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344270755.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_64f0000_Update.jbxd
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344270755.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_64f0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 41e67df99904fd4348f049a5f21cba6688373f3c6c3c6536478708592ef14eb5
                                                                                                                                                                                                                                      • Instruction ID: 8025ad9b0bc2592cb901cdef1b071eb14a8dc520473308b79f6885c68129bc89
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 41e67df99904fd4348f049a5f21cba6688373f3c6c3c6536478708592ef14eb5
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4CA012300003088786005644E505410775CDA446043004054B40D021024B22B8018A80
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344270755.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_64f0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 7f116243c4860eb6fb3417aa467b0f7883f7987de2bb45767d47af8ed96a0e7f
                                                                                                                                                                                                                                      • Instruction ID: b6bf45e22959b12abac903c5a9350e327173b862f396fb9f2b7717d2c4a4c1d0
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7f116243c4860eb6fb3417aa467b0f7883f7987de2bb45767d47af8ed96a0e7f
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 87520731A101189FCB55CF58C5C4AAEBBF2FF88314F26C55AE915AB296C735EC81CB90
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2337142277.0000000003290000.00000040.00000800.00020000.00000000.sdmp, Offset: 03290000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_3290000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: e72073dd3b18c90a41ded7c264b31fadc1722ebc03ab5c42eb2a2ae2edc3382e
                                                                                                                                                                                                                                      • Instruction ID: 2d6609806c06ccbf736e5bbfe62a2e3447df2da253636d2e62956685be12c7b9
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e72073dd3b18c90a41ded7c264b31fadc1722ebc03ab5c42eb2a2ae2edc3382e
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7BF1AE31A002168FCB55DFA8C880AAEFBF6FF89310F14856AD459DB251DB34ED46CB91
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344040063.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_60e0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 751212e8f06bf140c8c292775bdec7dd91fdf96627df40208a61da1259643031
                                                                                                                                                                                                                                      • Instruction ID: 48495d96074fcff693c90f9e9397c1e7c6ac9c41ee83779067a48f2d8a179cc2
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 751212e8f06bf140c8c292775bdec7dd91fdf96627df40208a61da1259643031
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C061B0207DE579CFF7888818985133C2952FBAD255F5A8467E2A3CF781C766D8D0E382
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344040063.00000000060E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060E0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_60e0000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 76dbdb3bffca373b5611779fe25072448cb85a04175100f4907a6ada615c8b6d
                                                                                                                                                                                                                                      • Instruction ID: 57801160cc9ae95f955fff2aa27df2ed3c1256fbad88ffe1dcd7ac7698393f17
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 76dbdb3bffca373b5611779fe25072448cb85a04175100f4907a6ada615c8b6d
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9951A0207DE578CFF7888818985173C2952FBAD255F5A8467E2A3CF780C766D8D0E382
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344516855.0000000006780000.00000040.00000800.00020000.00000000.sdmp, Offset: 06780000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6780000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 21573631036ed5eae9c9407d2c923b0f514b2ec305d4e0f9d9ec5497688ebe73
                                                                                                                                                                                                                                      • Instruction ID: 1b31e8b10fb3fd1d023563e3b31399d5ba6f25a20d22e4a73b81018a7a7e0caf
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 21573631036ed5eae9c9407d2c923b0f514b2ec305d4e0f9d9ec5497688ebe73
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5D6166A284E7E14FD703AB3899B45D27FB4ED43314B5A40C7C4C08F0B7E6599929C7AA
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000003.00000002.2344516855.0000000006780000.00000040.00000800.00020000.00000000.sdmp, Offset: 06780000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_3_2_6780000_Update.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 3461875ef21817d2f324d36381e51db908e7363edf59911b0a3ea8b968f4d688
                                                                                                                                                                                                                                      • Instruction ID: 991cac37198c056d4694a6dba71601407978f6735120eb52f92a5305cff7e538
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3461875ef21817d2f324d36381e51db908e7363edf59911b0a3ea8b968f4d688
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4A51479284E7D14FC713AB3C58B41D2BFB4AC4321875A44C7C0C08F4B7D5599A6AC76A
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2485212902.00007FF849E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849E40000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff849e40000_SourceTree.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: %\^H
                                                                                                                                                                                                                                      • API String ID: 0-2402414268
                                                                                                                                                                                                                                      • Opcode ID: f05677cba24139e209783ade4b5a3a0eb257f230c4510c6f6575464228669333
                                                                                                                                                                                                                                      • Instruction ID: aab739dcf418023bad062fb7009c397e22a55dbd90e1345ed303dce1959b2e32
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f05677cba24139e209783ade4b5a3a0eb257f230c4510c6f6575464228669333
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C812B07090CA898FEB79EF28CC95BE937E0FF55344F0441AAD84DCB292DA74A645CB41
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2485212902.00007FF849E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849E40000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff849e40000_SourceTree.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2485212902.00007FF849E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849E40000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff849e40000_SourceTree.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2485212902.00007FF849E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849E40000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff849e40000_SourceTree.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2485212902.00007FF849E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849E40000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff849e40000_SourceTree.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2469914177.00007FF849740000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849740000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff849740000_SourceTree.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: (c}I$0f}I$@)b$`V}I$`\}I$pX}I$x9gI$xY}I$xa}I
                                                                                                                                                                                                                                      • API String ID: 0-212670395
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2469914177.00007FF849740000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849740000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff849740000_SourceTree.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: 8tI$@)b$Aa[H$ps6I$ps6I$x9gI$)b$)b
                                                                                                                                                                                                                                      • API String ID: 0-2186323213
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2469914177.00007FF849740000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849740000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff849740000_SourceTree.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: H$I$p)b$x)b$x9gI
                                                                                                                                                                                                                                      • API String ID: 0-2185292066
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2469914177.00007FF849740000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849740000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff849740000_SourceTree.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: H$I$x)b$x9gI
                                                                                                                                                                                                                                      • API String ID: 0-472897863
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2469914177.00007FF849740000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849740000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff849740000_SourceTree.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: H$I$x)b$x9gI
                                                                                                                                                                                                                                      • API String ID: 0-472897863
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2469914177.00007FF849740000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849740000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff849740000_SourceTree.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: H$I$x)b$x9gI
                                                                                                                                                                                                                                      • API String ID: 0-472897863
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2464324323.00007FF8493A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8493A0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff8493a0000_SourceTree.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: 8*LI$@2KI$`)LI
                                                                                                                                                                                                                                      • API String ID: 0-47818642
                                                                                                                                                                                                                                      • Opcode ID: 1b171fcaa2a06dfeb07d06a5662de02218477fc26c0c9ba72121df859d44dd67
                                                                                                                                                                                                                                      • Instruction ID: 35f8388beaa7b5cf8c74356d4c5084df0826f9889348f476c71df8d39e2401cb
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1b171fcaa2a06dfeb07d06a5662de02218477fc26c0c9ba72121df859d44dd67
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5FF13C32D0D7D68FE765FB2CAC511F93B90EF92B68B1841BAC04C8B193DD1DA8468295
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2469914177.00007FF849740000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849740000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff849740000_SourceTree.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: (x~I$@x~I$(b
                                                                                                                                                                                                                                      • API String ID: 0-2283069399
                                                                                                                                                                                                                                      • Opcode ID: c8b7ca48671ffd273e289b0a8091bb787dac385bd46906dee47b87c1a13f6305
                                                                                                                                                                                                                                      • Instruction ID: 2b4b48237823e9c2b9af8deb283e2c9a9d6de87e06676422dcc1ff2f19fae8b4
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c8b7ca48671ffd273e289b0a8091bb787dac385bd46906dee47b87c1a13f6305
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: BDC12A31A0DB894FE768EF6898515BA77E1FF95390F00067ED049C7293DE29EC068785
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2469914177.00007FF849740000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849740000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff849740000_SourceTree.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: 0*tI$@)b$x9gI
                                                                                                                                                                                                                                      • API String ID: 0-2303017376
                                                                                                                                                                                                                                      • Opcode ID: 49711e2c9333f571bc56249417e3acf5066a2ef8a01631ffb9c54978cac7907f
                                                                                                                                                                                                                                      • Instruction ID: 1ded66d108af1afc17dbe218184eb47b12a650be155c3eee8d473f7e1338fdb3
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 49711e2c9333f571bc56249417e3acf5066a2ef8a01631ffb9c54978cac7907f
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 70717431B1D9499FDB94EF2CD059B7877E1FF59381B1401BAD44EC72A6DE24AC058B40
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2469914177.00007FF849740000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849740000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff849740000_SourceTree.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: h*b$p*b$p*b
                                                                                                                                                                                                                                      • API String ID: 0-2159464368
                                                                                                                                                                                                                                      • Opcode ID: 3bb5a0765bac25ca4b8aa3d2d0742f80a957edf7f1967159c42c16b173082996
                                                                                                                                                                                                                                      • Instruction ID: bfb74a405dfc07620d8f0346529e70a1dfaa3a190baa34daa96e022b0322afa1
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3bb5a0765bac25ca4b8aa3d2d0742f80a957edf7f1967159c42c16b173082996
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 10515A31A0DA9A8FDBA5EF2888457E6B7E2FF95390F1441BAC40DD7195DE38AC05C780
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2485212902.00007FF849E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849E40000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff849e40000_SourceTree.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: 3H$3H$3H
                                                                                                                                                                                                                                      • API String ID: 0-818314443
                                                                                                                                                                                                                                      • Opcode ID: 1b44c7eb08be8a58be4926eefd3549852b432eb9fed674df76a3426fd74595b5
                                                                                                                                                                                                                                      • Instruction ID: 19fac6ebcd61b0f72a7cb564e0e3bd6ba346392fd3e74a9fbd90d1bbf8012269
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1b44c7eb08be8a58be4926eefd3549852b432eb9fed674df76a3426fd74595b5
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3C313631A0CA898FDB95EF2CD8A59983BE1FF69700B4500E9D459CB6A2DE65DC44CB01
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2481215214.00007FF849BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849BF0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff849bf0000_SourceTree.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: x#H$x#H
                                                                                                                                                                                                                                      • API String ID: 0-1004515271
                                                                                                                                                                                                                                      • Opcode ID: c751a2023eebc6f3cb82428949a6f7fd0e2d6899f45de9ce606446dfd3a4d56e
                                                                                                                                                                                                                                      • Instruction ID: 609fc8d90e7210b6db1728cbad2659ac2aee15b5db835877d5329ed76b837692
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c751a2023eebc6f3cb82428949a6f7fd0e2d6899f45de9ce606446dfd3a4d56e
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1FD19021E1DEAF8FEAA9AB2C545567573D1FF68784B400079D58DC36EBED28EC018384
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2485212902.00007FF849E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849E40000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff849e40000_SourceTree.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: 84H$L
                                                                                                                                                                                                                                      • API String ID: 0-95454800
                                                                                                                                                                                                                                      • Opcode ID: 35dba1ec7451360414370591bb7656d64ab6986420b14a342ff0bf6c8617f911
                                                                                                                                                                                                                                      • Instruction ID: 03544c04860334c67ddf98813508d0c5b5638e1a9c3f58a3239c1715777eca7e
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 35dba1ec7451360414370591bb7656d64ab6986420b14a342ff0bf6c8617f911
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1A911931E1DA868FE768AF2C54852B577E1FF99B90B0400BED44DC7297DE68AC078741
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2469914177.00007FF849740000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849740000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff849740000_SourceTree.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: ~I$ ~I
                                                                                                                                                                                                                                      • API String ID: 0-2670857431
                                                                                                                                                                                                                                      • Opcode ID: 2f3e2fb9a8f6e41d03cfa157c2a2da9022a149082f3f4efc67a9a0cb508e2a3c
                                                                                                                                                                                                                                      • Instruction ID: 1588dc2a37b52be35778113eca0c3ed9cf60f52eb3e90e040479fe3b6e0bd4d4
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2f3e2fb9a8f6e41d03cfa157c2a2da9022a149082f3f4efc67a9a0cb508e2a3c
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6E913731A0CA8A4FE7E4EE189480AB6B3D1FF953E5F00417ED44DC7586EE29E846C385
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2469914177.00007FF849740000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849740000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff849740000_SourceTree.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: xsI
                                                                                                                                                                                                                                      • API String ID: 0-2142412431
                                                                                                                                                                                                                                      • Opcode ID: a01e189b88414a88205d82dd2cbc7d54fe5e4219912a02cb84208b5905715f9c
                                                                                                                                                                                                                                      • Instruction ID: f3289d18acf8eaa1ee00b083563f40f6617658397388ed34cc1badaefa2f24b3
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a01e189b88414a88205d82dd2cbc7d54fe5e4219912a02cb84208b5905715f9c
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D7913631A0EA894FDBA6EF6C98546757BE0FF96391F0405BFD048C7293DD29A845C342
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2469914177.00007FF849740000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849740000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff849740000_SourceTree.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: x*b
                                                                                                                                                                                                                                      • API String ID: 0-954125561
                                                                                                                                                                                                                                      • Opcode ID: 8fc8e158c5f351430cdefed64f96d51ca84ab8a4c02d104e0631b9c6c8eeb0e9
                                                                                                                                                                                                                                      • Instruction ID: a424b3c5d001372e37d27893ad6ed29db30741d15f9ab5d3948eaf48ffca38b2
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8fc8e158c5f351430cdefed64f96d51ca84ab8a4c02d104e0631b9c6c8eeb0e9
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2F71A530B1DA8A4FE7F9EE189494635B7E1EF993E0B54017DD44EC3A86DE24EC428784
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2469914177.00007FF849740000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849740000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff849740000_SourceTree.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: H*b
                                                                                                                                                                                                                                      • API String ID: 0-1017432916
                                                                                                                                                                                                                                      • Opcode ID: 3e4add50fc8f32b48b4a124e251bb6e8ee488c658b714349e2d45929fc107901
                                                                                                                                                                                                                                      • Instruction ID: 64844cb43768ae3b381e84a353b9c555e171f68907187b29769697bc0671c04e
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3e4add50fc8f32b48b4a124e251bb6e8ee488c658b714349e2d45929fc107901
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B761E231E0DE9E8FEBA8EF2894556F937E1FF59784B010179D40ED3281DE24AC0287A4
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2469914177.00007FF849740000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849740000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff849740000_SourceTree.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: `:I
                                                                                                                                                                                                                                      • API String ID: 0-3808992335
                                                                                                                                                                                                                                      • Opcode ID: a577ab7daaa1b63b33c8196ee0c5cb4b46572df2bdbec23b56e216153410fae8
                                                                                                                                                                                                                                      • Instruction ID: 8d74d01f164ff2baee6e530d50cd496a84b0a74a973b12afb0ff90bac6066a25
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a577ab7daaa1b63b33c8196ee0c5cb4b46572df2bdbec23b56e216153410fae8
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E471A131A0CB4D8FDB65EF5898456E9B7E0FF69780F0001BAD449D3252DE34AD418B85
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2469914177.00007FF849740000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849740000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff849740000_SourceTree.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: x9gI
                                                                                                                                                                                                                                      • API String ID: 0-2177469732
                                                                                                                                                                                                                                      • Opcode ID: 4c9a313a514119960586d598d28eb2f808844d20be27f6cf2421c6959186ccc1
                                                                                                                                                                                                                                      • Instruction ID: c4838a88fcebb0964bf2cfee58578e01464f694cfe9c853ef05cdca90e4c2706
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4c9a313a514119960586d598d28eb2f808844d20be27f6cf2421c6959186ccc1
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1D511531A0DBCA4FE755FF7C98561A5BBE0EF86290F0405BFD44DC7293EA2898468346
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2469914177.00007FF849740000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849740000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff849740000_SourceTree.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: Xe$I
                                                                                                                                                                                                                                      • API String ID: 0-2668226824
                                                                                                                                                                                                                                      • Opcode ID: fc2f42d2c88d4b791180e95b9a19433beb966e5e8e50bd369ab1f03e54cd56a4
                                                                                                                                                                                                                                      • Instruction ID: ea245c163a3fed5258c683a78c8cdbb0ef3520201ea662ad6219d569c509119d
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: fc2f42d2c88d4b791180e95b9a19433beb966e5e8e50bd369ab1f03e54cd56a4
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7D518931E0D98A4FE7B8EE6C981927537C1EF992D1B0402BED48DE72E1DD18BC064395
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2469914177.00007FF849740000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849740000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff849740000_SourceTree.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: (*}I
                                                                                                                                                                                                                                      • API String ID: 0-3834209652
                                                                                                                                                                                                                                      • Opcode ID: fc62c333d040466b43dc40edd00ce84f5602d09782fe9194b5300357ac2e518f
                                                                                                                                                                                                                                      • Instruction ID: 1f53daee4d4bcbba87eeb8587dcd9782d0333d1d53138df2fc7ee0e7b231a2e3
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: fc62c333d040466b43dc40edd00ce84f5602d09782fe9194b5300357ac2e518f
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 09519631E1CA5A9FEBA8EF58D485BA873A1FF54780F5002B9C00DD7196DE34BC468B85
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2469914177.00007FF849740000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849740000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff849740000_SourceTree.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: H*b
                                                                                                                                                                                                                                      • API String ID: 0-1017432916
                                                                                                                                                                                                                                      • API String ID: 0-3538585861
                                                                                                                                                                                                                                      • Opcode ID: 5b62bcfc56da2bac9621c52107a07ed10c78d1fdd383299c8ee0e14bd755d39c
                                                                                                                                                                                                                                      • Instruction ID: 033a08afd278f8526911230d9f1eba42e591fbe970916abc578959f536f13a07
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5b62bcfc56da2bac9621c52107a07ed10c78d1fdd383299c8ee0e14bd755d39c
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8F11542090EAC64FE35AEB6864155723FF0EF56390B0501FBD448DB0D3DD1DA80683A5
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2469914177.00007FF849740000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849740000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff849740000_SourceTree.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: x9gI
                                                                                                                                                                                                                                      • API String ID: 0-2177469732
                                                                                                                                                                                                                                      • Opcode ID: 76a56dcc57aba00d2c8a393cadd695b12b6d0beb7a263c0ac89cbc06ef5df054
                                                                                                                                                                                                                                      • Instruction ID: a5e04159a5c45581d7f92ef02ea653cdb6658421f9c5bb663e1fac0f057cfa7d
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 76a56dcc57aba00d2c8a393cadd695b12b6d0beb7a263c0ac89cbc06ef5df054
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 93112531A4EA8E5FE794FEBC545A2B477C0EF45291B0401BFD80DC7293ED586C868705
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2485212902.00007FF849E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849E40000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff849e40000_SourceTree.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: @3H
                                                                                                                                                                                                                                      • API String ID: 0-829003917
                                                                                                                                                                                                                                      • Opcode ID: 4c63ae1ca2dfaa3b63e436e41241032120cec1a41be9cb2ef83100e530643684
                                                                                                                                                                                                                                      • Instruction ID: 51d0e56102264f54c7fd1d2a1a3d3dc5654ca64a282a3f5741a3eaa8f5b55c2f
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4c63ae1ca2dfaa3b63e436e41241032120cec1a41be9cb2ef83100e530643684
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B5116D32B188098FE7A8EB2C94597B967E2FBE8755F0401BAE50DC3291DE689C418780
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2469914177.00007FF849740000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849740000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff849740000_SourceTree.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: 0f}I
                                                                                                                                                                                                                                      • API String ID: 0-144993952
                                                                                                                                                                                                                                      • Opcode ID: 8ed45275a445f01e951a96a75d1fc6e61611f698a015e0c3c4df7d7b921975b4
                                                                                                                                                                                                                                      • Instruction ID: 5a83d67caebede9ee0589c684dae8b82a672fe5cc16e9fd1b9eab649cdcae626
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8ed45275a445f01e951a96a75d1fc6e61611f698a015e0c3c4df7d7b921975b4
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 00F09031F0C80E8FE294AE4CE4497B073E1FB546A0F1501B7D00DCB2A6DD29AD424744
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2469914177.00007FF849740000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849740000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff849740000_SourceTree.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: 8)b
                                                                                                                                                                                                                                      • API String ID: 0-1881586757
                                                                                                                                                                                                                                      • Opcode ID: 20f96b60c6a88a153e31120539aff1cfb1359b5ce5879007fde77367e6cec716
                                                                                                                                                                                                                                      • Instruction ID: 9c6c164263a6dbc309ce63f55bb853ee690c065913a65dbcbf03966c5d108ac7
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 20f96b60c6a88a153e31120539aff1cfb1359b5ce5879007fde77367e6cec716
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C501263288E7CABFC752EAB894525E93FE0EF021C070C01EEC505E7183D91D04078B41
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2469914177.00007FF849740000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849740000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff849740000_SourceTree.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: c94866602d732617beff7d243cb24fb7c55381f943b9aa7e1347a603c5c1d89c
                                                                                                                                                                                                                                      • Instruction ID: 567dcf60d246888cf1ad420d96a465dc093784ac2eb1a35aaec0144f9dabaf5f
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c94866602d732617beff7d243cb24fb7c55381f943b9aa7e1347a603c5c1d89c
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D512783190D68A4FE775EF68D8496B57BE0FF853A0F0402BAD44CCB1D3DA29A806C795
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2469914177.00007FF849740000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849740000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff849740000_SourceTree.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 8d47171e072a93e4d8182a4067128e4faf628946893556f0f920a79f14977eb8
                                                                                                                                                                                                                                      • Instruction ID: 9ae9f032004cee48dca2a7b8a6f18b80a3872fde1568bfeae107c71a23eb1803
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8d47171e072a93e4d8182a4067128e4faf628946893556f0f920a79f14977eb8
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A202D42190E6C68FE3B6BF2844166A5BBE0EF563E0F4500BAD44DCB5E3ED1D68098355
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2464324323.00007FF8493A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8493A0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff8493a0000_SourceTree.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 7a015a43e9468385b5489c0dfa1ab7fa2f17de28c7de3dce8f320e98be18d09b
                                                                                                                                                                                                                                      • Instruction ID: 6a1b5d479a2f3af9085ed36097a7108df06c52bab5e27f10f9cb722fbdec8ba0
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7a015a43e9468385b5489c0dfa1ab7fa2f17de28c7de3dce8f320e98be18d09b
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 14F1F631A0DB8A4FEBA5EF2898556F977A1FF96370F14017AD04DC7193CE29AC068781
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2469914177.00007FF849740000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849740000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff849740000_SourceTree.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2469914177.00007FF849740000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849740000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff849740000_SourceTree.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 4d9d1da48c7780a9f0e94be4d248c2e4b1363f6a1c18621bcb5faec99fe10fc4
                                                                                                                                                                                                                                      • Instruction ID: a1278c4194434e8178e7df8695778f32722da59f7fda9bc273c325d1cb3e6eec
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4d9d1da48c7780a9f0e94be4d248c2e4b1363f6a1c18621bcb5faec99fe10fc4
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F371B031A0CB4D8FDBA5EE6898956E977E1FF69740F0001BAD449C3252EE34AD418B81
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2464324323.00007FF8493A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8493A0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff8493a0000_SourceTree.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 134f985967e28dcc37d4b27d9d62f2cc0116b0e209a382673ed9bc76ce63a555
                                                                                                                                                                                                                                      • Instruction ID: 8e810c4c725223e1665fe4ce67c919b2d202124c0baa6fe2ce421d9917206947
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 134f985967e28dcc37d4b27d9d62f2cc0116b0e209a382673ed9bc76ce63a555
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 47712C72D0DA864FF7A4AE2CAC952B537A0EF623B5F0811B6D05CCA1C7EE1C9C428355
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2469914177.00007FF849740000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849740000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff849740000_SourceTree.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 0426f76995c9baff0c17d5d1e31060c6153e7f4d2fd55513e4725b01c3c989de
                                                                                                                                                                                                                                      • Instruction ID: 1bbdeae20d9bf8632eb0d3b59e72d71310a2d43b577b4d6fce18a64fb801664f
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0426f76995c9baff0c17d5d1e31060c6153e7f4d2fd55513e4725b01c3c989de
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A6512631A0DA8A5FEBA5FE6C545927577D1EFA93D0B0440BAC44DC7296DE18AC428341
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2469914177.00007FF849740000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849740000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff849740000_SourceTree.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 8d1fde8108455061e0deeed638b3aaa97a6ec070b375990010122a60cce3267d
                                                                                                                                                                                                                                      • Instruction ID: 8e5493686de76d0f3fdc8860eaa2e00e37cdb12a68038d0ff67cccde46484fde
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8d1fde8108455061e0deeed638b3aaa97a6ec070b375990010122a60cce3267d
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B151053160DA094FE758AF5CE8426F677E0EF553A0F1402BED04DC7297DE2AE8428785
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2481215214.00007FF849BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849BF0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff849bf0000_SourceTree.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 77f086c62184114bc85fa38143197d0092b0fb1ffcc5960c519dfd09177a9bc0
                                                                                                                                                                                                                                      • Instruction ID: dc3e7b3076116e09957be8fe28cb220c944a1cecff3dc12df82ce861b578aa50
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 77f086c62184114bc85fa38143197d0092b0fb1ffcc5960c519dfd09177a9bc0
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A5618D21E0EEEF4FE7B6AA7C14195B57BE0EF5669070805FFC489C7A96CD189C068381
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2469914177.00007FF849740000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849740000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff849740000_SourceTree.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 8a469e5fc344e515782f469abc569d5a43cfd69ad2a56bb697b065be83184096
                                                                                                                                                                                                                                      • Instruction ID: f902609d30a235f2426c5ee625b8388af1c634d745b8d480e4c9b3dd1a24f209
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8a469e5fc344e515782f469abc569d5a43cfd69ad2a56bb697b065be83184096
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 42513831A0DECA4FE7B9EE68985527977D1FF95281F1401BAC088C71A7DD28EC068385
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2464324323.00007FF8493A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8493A0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff8493a0000_SourceTree.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 095123eff32c88b1f45e78166005435971ac34c214f13f46a0fa18a0622cb838
                                                                                                                                                                                                                                      • Instruction ID: 58117a48fde12ba7239e1bf57d35c77a6c482cbb62b98490b421b46b473b24cf
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 095123eff32c88b1f45e78166005435971ac34c214f13f46a0fa18a0622cb838
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8351053190DB8D8FDB55EF6898066BA77F1FF96320F04407AE049D7193DA29A842CB81
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2481215214.00007FF849BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849BF0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff849bf0000_SourceTree.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: da1b06396398842961d57e7376b2f44a6e50f8c9a57ed224e3b2acf7f54b4590
                                                                                                                                                                                                                                      • Instruction ID: 1a2c5bdbe9900aa13377a3e1a57b134dc1d1bb2c566b34892d6cc6495a777aa8
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: da1b06396398842961d57e7376b2f44a6e50f8c9a57ed224e3b2acf7f54b4590
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7D611C71D1895E9FEBA4EF28C8996E8B7B1FF68341F1000EAD44DD3296DE345D828B40
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2469914177.00007FF849740000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849740000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2469914177.00007FF849740000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849740000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff849740000_SourceTree.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 5ccb72a3a046fc5054f1c41261ad2c651061dd843a8a89d78b116d244622dd94
                                                                                                                                                                                                                                      • Instruction ID: 33edd5c7f82da6a90592a3d4fe9dfb955f400e54e08c648cd82afa85728dcded
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5ccb72a3a046fc5054f1c41261ad2c651061dd843a8a89d78b116d244622dd94
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F741AE72E1CD8B8FEAA4FE6C94A46B277E1FF653847550076D448C3187EE28EC028784
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2469914177.00007FF849740000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849740000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff849740000_SourceTree.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 2a2d718c94ae1c48ed9b167e1e1c4a317bb9b0cebd60d6f8bd296695648f236b
                                                                                                                                                                                                                                      • Instruction ID: c468e21a3f8e78cda4d3dcc312587879b358206fd49fd66f9eabef9948fdbe3b
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2a2d718c94ae1c48ed9b167e1e1c4a317bb9b0cebd60d6f8bd296695648f236b
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E741193040D7C84FD7559B2C98166A57FE0EF86360F0805BFE0C9C32A3DA696846C792
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2469914177.00007FF849740000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849740000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff849740000_SourceTree.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 8f7959c30ec53a92c879202e12b8fc457134c97db2c5cdfa00ce897bba822873
                                                                                                                                                                                                                                      • Instruction ID: cdfd05e61619bddb5c951a56269aeddd235ee2599f3782fb3641e4141ae8898e
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8f7959c30ec53a92c879202e12b8fc457134c97db2c5cdfa00ce897bba822873
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C5410831A18A9D8FEF98EF68D4956EA77F1FF58344F40007AD409E7292DE35A841CB44
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2469914177.00007FF849740000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849740000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff849740000_SourceTree.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 2ad75e0cbd08877cc6a039aa95f9e7cda1816de42860c17490f286eff40c58af
                                                                                                                                                                                                                                      • Instruction ID: 8c945bd9a36c7c210c5bc76ec7019bcb45908a92183522894eb5211d6e684c6c
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2ad75e0cbd08877cc6a039aa95f9e7cda1816de42860c17490f286eff40c58af
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 84314631B0DA8A0FD7A8EE2C68551B1B7E1EFA52B0721017FD44DC7142E926EC868380
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2464324323.00007FF8493A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8493A0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff8493a0000_SourceTree.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 19c798a1a41587bbf1f8f9865a8ea703c920b875cc56ad02e4a39d693116839c
                                                                                                                                                                                                                                      • Instruction ID: b8d8a7a2eca9c53d8be8a95365b773061001f107b7765894c1ce27540c683b4c
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 19c798a1a41587bbf1f8f9865a8ea703c920b875cc56ad02e4a39d693116839c
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 23412972A0DAC60FE362E7349C261A57BE1EF57260B0905FEC488C71D7DD0858468382
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2469914177.00007FF849740000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849740000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff849740000_SourceTree.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: ce7a111b9cd8a5808643b953cf4d80ca37d9536a56fd9ba417e6bfbb196d9012
                                                                                                                                                                                                                                      • Instruction ID: ed031f041b16544ddb7c15e88105378651cbcdf7f37fe0b222870eae568f640e
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ce7a111b9cd8a5808643b953cf4d80ca37d9536a56fd9ba417e6bfbb196d9012
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8E319E72E1DD8B9FEAA4FE6C94946B277E1FF653847550076D448C3287EE28E8028744
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2469914177.00007FF849740000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849740000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff849740000_SourceTree.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 86d196a2e8561c80c292d06ceb5370ff14048df03441e385bd84d01b4d0aba1e
                                                                                                                                                                                                                                      • Instruction ID: 9d964f3570ed08eab8f8c24e296185c7b2ece8e3e1ebc501b83ab92c11993598
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 86d196a2e8561c80c292d06ceb5370ff14048df03441e385bd84d01b4d0aba1e
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 71313B31A0DAC64FD776EE585C125B93BA0EF96380F1505BBC089CB1A7D918AD0A8396
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2469914177.00007FF849740000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849740000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff849740000_SourceTree.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 2a895149df8ce054e882ca5fa14ce4d7642fa2f51b375ba95893a4c538f0311c
                                                                                                                                                                                                                                      • Instruction ID: 5b28d119bb5affd8957505ffa9dd85a30ee7048949b71a9865c9074a7da6d158
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2a895149df8ce054e882ca5fa14ce4d7642fa2f51b375ba95893a4c538f0311c
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 73416C31A18A9D8FEB98EFA8D8956E977F1FF58344F44007AD009D7292CF35A841CB44
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2469914177.00007FF849740000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849740000, based on PE: false
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 50315B3180E6C64FE3756EB46C545B17B90EF463B6F1802BAD448CB1D3DA299806C356
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2464324323.00007FF8493A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8493A0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff8493a0000_SourceTree.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 8b215fd0a0ef1e7061cc6ce0ea4ba93b6dd1260ebf7197d88560af013ca150a1
                                                                                                                                                                                                                                      • Instruction ID: c1f9b73eb432a92557f8435bb42dc37a49d5cc85b36bf37ad98a21b6ade59f25
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8b215fd0a0ef1e7061cc6ce0ea4ba93b6dd1260ebf7197d88560af013ca150a1
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6031D772D1CA1D5FDB68AB18AC0A6BD77E1FF95760F10013EE04ED3193DE2868428785
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2469914177.00007FF849740000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849740000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff849740000_SourceTree.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 3374fdc1e1cda636f9c253c410b5db9ce3462723364a7e76fa00255a0d658794
                                                                                                                                                                                                                                      • Instruction ID: 0dadfee2ef512c4ed7874591302d1ec21a855b9f6ffffcf928e943d0e95591c4
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3374fdc1e1cda636f9c253c410b5db9ce3462723364a7e76fa00255a0d658794
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8D31073190DAC64FD779EE58481B5B07BD0FF512A4F0809BDC48BC7193E928A80A8782
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2469914177.00007FF849740000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849740000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff849740000_SourceTree.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 2fe2d95c0bb44fa30dc14194b56553b34f12228776ac4c1fda42f96decd99b32
                                                                                                                                                                                                                                      • Instruction ID: 8321a28dd3f56c0b29e31935d2994546a27ea216cda98dd2db683ee4f5e4ea14
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2fe2d95c0bb44fa30dc14194b56553b34f12228776ac4c1fda42f96decd99b32
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7A314931E5DA890FE7A8FE2890551B877D2EF99391F04067ED04DC3296EE68BC828745
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2485212902.00007FF849E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849E40000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff849e40000_SourceTree.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: baee8b6ccf50a017c25b91c21721f4d2a7df67104a77b6a9e685ee0f85570fd8
                                                                                                                                                                                                                                      • Instruction ID: e1f789f7f646025804c6dd33509459baaaba31c1639a3a6adc2aa7a8846f4b34
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: baee8b6ccf50a017c25b91c21721f4d2a7df67104a77b6a9e685ee0f85570fd8
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0A314E72D0CAC28FE365AA2CEC9656077D0FF56394F0902E9C049CB297DE54A856C786
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2469914177.00007FF849740000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849740000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff849740000_SourceTree.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 4e359949ba96c5d5b7ab357c0a1b48c1e8e6f5750857f1f864cab4b09fc0b8f6
                                                                                                                                                                                                                                      • Instruction ID: d0e48396a1bf322064fcd15307823cdb4fdeb0d2720257a2f8d2cd6278875531
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4e359949ba96c5d5b7ab357c0a1b48c1e8e6f5750857f1f864cab4b09fc0b8f6
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C0319527E0D5E68FF6A5BE6C64971F5B7A0EF012F8F0801B6D04C8A593DD1DA8454788
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2469914177.00007FF849740000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849740000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff849740000_SourceTree.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: adc9fa02c8af821de1e566b4166498cea8198a85e264711f5a926dc342252961
                                                                                                                                                                                                                                      • Instruction ID: ed9a7cc3289da3f009203f31fb93059739cdfae60d14343c4672e632bcd9d77c
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: adc9fa02c8af821de1e566b4166498cea8198a85e264711f5a926dc342252961
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8021FB62E0DAC68FE7E1EE7C94652B5BBE1FF653A471801BAC04CC7697D9189C058344
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2469914177.00007FF849740000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849740000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff849740000_SourceTree.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 1b4a8ed8358215d91e2edf78efe2a33eae54989ff300bb28796b8e600205cd77
                                                                                                                                                                                                                                      • Instruction ID: 6deeaf635faf583b24c9db689055ca55fef06caeefec0fb0b8d01666bbafe5a0
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1b4a8ed8358215d91e2edf78efe2a33eae54989ff300bb28796b8e600205cd77
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8F21F751A0F9861AE2D0BBAC34427BB62A1EFD53D5F240076E10CF71D3ED0C680542BA
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2481215214.00007FF849BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849BF0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff849bf0000_SourceTree.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 42fd4eaf44bfaf634980398342fdc61e38194bb4637524df171d19373cace42f
                                                                                                                                                                                                                                      • Instruction ID: 3d115c424791c2e47334f6e88b642d7a4dc8926a00bf5327501a5452014afcb2
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 42fd4eaf44bfaf634980398342fdc61e38194bb4637524df171d19373cace42f
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 43316461C1DFDA9FD770DB3914060B67BF0EF60A90B1809FDC1C98B5A7DC29A80A8B41
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2464324323.00007FF8493A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8493A0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff8493a0000_SourceTree.jbxd
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2469914177.00007FF849740000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849740000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff849740000_SourceTree.jbxd
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2485212902.00007FF849E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849E40000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff849e40000_SourceTree.jbxd
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2485212902.00007FF849E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849E40000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff849e40000_SourceTree.jbxd
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2464324323.00007FF8493A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8493A0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff8493a0000_SourceTree.jbxd
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2469914177.00007FF849740000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849740000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff849740000_SourceTree.jbxd
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2485212902.00007FF849E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849E40000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff849e40000_SourceTree.jbxd
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2469914177.00007FF849740000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849740000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff849740000_SourceTree.jbxd
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2469914177.00007FF849740000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849740000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff849740000_SourceTree.jbxd
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2469914177.00007FF849740000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849740000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff849740000_SourceTree.jbxd
Memory Dump Source
• Source File: 00000004.00000002.2464324323.00007FF8493A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8493A0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_7ff8493a0000_SourceTree.jbxd
Memory Dump Source
• Source File: 00000004.00000002.2469914177.00007FF849740000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849740000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_7ff849740000_SourceTree.jbxd
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2485212902.00007FF849E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849E40000, based on PE: false
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2464324323.00007FF8493A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8493A0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff8493a0000_SourceTree.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 3f93b873feae3cffd2499e7798b42555e92da5a70f47c8bdd84db227fd1138a8
                                                                                                                                                                                                                                      • Instruction ID: 6502c038b84d41c91c2d02d32bfbc8afc03d02a27ccb6ef6fd8b3e39a7bd0464
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3f93b873feae3cffd2499e7798b42555e92da5a70f47c8bdd84db227fd1138a8
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1C01FC31B1CB964FEAB4FF1C985967533D1FF9A365F44117DD049C7682DA28A8438381
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2469914177.00007FF849740000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849740000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff849740000_SourceTree.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 122ae2403f49045007f9c93c07b2fa53a76a8b4e455f4073608c405b4a4aa009
                                                                                                                                                                                                                                      • Instruction ID: 0ea034401c6a7f02c1b0fd20aa9e4fe2b3378fe9deff5d8ac79f39af0d5fcfac
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 122ae2403f49045007f9c93c07b2fa53a76a8b4e455f4073608c405b4a4aa009
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 39018121F0D9594FEBA8BA9C68962F973D2EB987A0F04017BE44ED32C6DD186C1147C9
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2469914177.00007FF849740000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849740000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff849740000_SourceTree.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: cfc1c93bc50e679e38cb8bfca2bcde2fed5ed31daee54846bf7ec172cfd61ae1
                                                                                                                                                                                                                                      • Instruction ID: eb86800a51ef84a69544ca6227288ada4009e04059ce8c513b3fd420b0e5816a
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: cfc1c93bc50e679e38cb8bfca2bcde2fed5ed31daee54846bf7ec172cfd61ae1
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B5017131A4CD9A8FEBA0FE689444671B3D1FF68399F04053AD84CC7192DB24F9418785
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2469914177.00007FF849740000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849740000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff849740000_SourceTree.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 3461d014cc43a77c6efec36ebe813e8fdfac9afb1c59395e035a69b2ec49818a
                                                                                                                                                                                                                                      • Instruction ID: c168751478efd5ae275a78a0571055a454fbece4a5a51e3ec4e9bb5f23f3d8d2
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3461d014cc43a77c6efec36ebe813e8fdfac9afb1c59395e035a69b2ec49818a
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6FF02D72D0C9965FE2F4AF2C68482B6F6D1E7E52B4715017FD41DC3A94EC5A98054380
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2469914177.00007FF849740000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849740000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff849740000_SourceTree.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 75d70d4426fe49deffae157b3c3f54fbfccfe5f65deb0c5a3fd683761f6ffe7d
                                                                                                                                                                                                                                      • Instruction ID: 1294a58b35a408e24abf8757966f378b3149259a5a0ad262c4eb7b939f531de5
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 75d70d4426fe49deffae157b3c3f54fbfccfe5f65deb0c5a3fd683761f6ffe7d
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 03019231E1DD4A4FD7E8EE288065662A2E2EFA8394F145539C40CC7A85EE28E8428784
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2464324323.00007FF8493A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8493A0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff8493a0000_SourceTree.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: cc4dc40fdfc916e4b4be42ab1578e1d8aac819577614fd575b4870b52a1ad8e3
                                                                                                                                                                                                                                      • Instruction ID: 8436b75c84ca5a043d3a49553010b10e4b152e1f35658d1f4bd8a34023272994
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: cc4dc40fdfc916e4b4be42ab1578e1d8aac819577614fd575b4870b52a1ad8e3
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5D01713060AA0D8FDB45EF28C4516E9B3A2FF89350F5055B9D40AD72D6CE3AE856C740
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2469914177.00007FF849740000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849740000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff849740000_SourceTree.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: f3c9289c51876ff175a47726759af59809971bf4be809947ba412f5d33bb4611
                                                                                                                                                                                                                                      • Instruction ID: f15c0e1d81249758b00092eeb2af4b7e023d4344d379ae8b0a0708d05c786f33
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f3c9289c51876ff175a47726759af59809971bf4be809947ba412f5d33bb4611
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 97F02832908D5D8FDFA0FE18E8046E6B7A0FB693A4F0501AAD44DC7111DA21AC42CBC0
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2469914177.00007FF849740000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849740000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff849740000_SourceTree.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: f2d0a8cbf60eb0d47592dc4b1748c88611e752cbfc3bff73c0d6dc8315c9338d
                                                                                                                                                                                                                                      • Instruction ID: 795e3efd867d857c9927cdb80e8dea73cc75497d64930da62d919c152cf1f69d
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f2d0a8cbf60eb0d47592dc4b1748c88611e752cbfc3bff73c0d6dc8315c9338d
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 21018431E1990A4FD7A4EF288055B66A2E2EF98394F10553AD40DC7A85EE28E8428784
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2469914177.00007FF849740000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849740000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff849740000_SourceTree.jbxd
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2464324323.00007FF8493A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8493A0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff8493a0000_SourceTree.jbxd
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2485212902.00007FF849E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849E40000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff849e40000_SourceTree.jbxd
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2464324323.00007FF8493A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8493A0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff8493a0000_SourceTree.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 575a3e2148f378701019c835990a9462deca15da1335525b91f68ae342a5148c
                                                                                                                                                                                                                                      • Instruction ID: d9728abeb5d1e628460562e5954a64fdceee6439b8c02b76b68ded2ef2134da7
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 575a3e2148f378701019c835990a9462deca15da1335525b91f68ae342a5148c
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E6F0D63091F7829FC741FB2858910D67BA0FF0225CF5411BAD088CA083DA1D94868395
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2464324323.00007FF8493A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8493A0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff8493a0000_SourceTree.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 276b26cb7ac3563d549e5f3c049f43411c2c1736e21f09a9e77437f7cee09bda
                                                                                                                                                                                                                                      • Instruction ID: 61f761686fcb10fff0346b9956e38fb397c3a921b89c5b6f07d148ca02bb34b4
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 276b26cb7ac3563d549e5f3c049f43411c2c1736e21f09a9e77437f7cee09bda
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3DF0EC30008A0C8FDB48EE59D845AEABBA4FF55368F10012EE86EC3181C231E463C780
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2485212902.00007FF849E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849E40000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff849e40000_SourceTree.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 45162559b49c0f9ebac9fe19a9c8ac94d92da2840c07b9d26a36aafe9797511c
                                                                                                                                                                                                                                      • Instruction ID: 460fb12d37b32334c03388533fd5dcbc8f0fc0c5935fcec4dd27abd37febea80
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 45162559b49c0f9ebac9fe19a9c8ac94d92da2840c07b9d26a36aafe9797511c
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B6F0E03190EF870FE775A62984691317FE0EF2510030805BFC45AC74A6DD4894448701
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2485212902.00007FF849E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849E40000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff849e40000_SourceTree.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 797de2f33123daa6b9f348f4e66f162254aba0253d4d4f6314bec008a3cc6a0a
                                                                                                                                                                                                                                      • Instruction ID: 8ea4b05ca0fa7a23461f0f40195ebc47de90e7bcae93f8746b1de6ffb58254ac
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 797de2f33123daa6b9f348f4e66f162254aba0253d4d4f6314bec008a3cc6a0a
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B1F02072C0D6CA8FE726AF7028A10E67FA0FF11254B0800EBD45C8B093E98CA91A8741
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2469914177.00007FF849740000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849740000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff849740000_SourceTree.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: b474255bba98a1dd225dc29f6480434fef72f74354243337221083c79d8fd92a
                                                                                                                                                                                                                                      • Instruction ID: 3442f8dde4b90dfa27e83f7e1c290aa3e682cd2ce382a00daf85a75a7cd36f74
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b474255bba98a1dd225dc29f6480434fef72f74354243337221083c79d8fd92a
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3CF06D3181DACA8FE6F8FE98A50A2A47391FF913E5F480579D048861C3DA6DA842C348
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2464324323.00007FF8493A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8493A0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff8493a0000_SourceTree.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 8eed64c540ead5f35e2839b656d8dc9f8a64812c3838fcfa072f72e454361247
                                                                                                                                                                                                                                      • Instruction ID: ab843215ee7c8bf70389c3df49561efa7f278036da0f04805d5a2564177b2865
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8eed64c540ead5f35e2839b656d8dc9f8a64812c3838fcfa072f72e454361247
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4EF0347184F3C00FE312AB34486A195BFA0AE23214B4D45EFC4888F1A3E61E584AC712
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2469914177.00007FF849740000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849740000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff849740000_SourceTree.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 3327ab862275a65a60cf0e5d1d7ac629f011fb479d2be0887d9f358648ad1b8a
                                                                                                                                                                                                                                      • Instruction ID: 119364604d892d9aa89b24b8b9060fbdfad76029c77bb10596fea03ccd44c5f4
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3327ab862275a65a60cf0e5d1d7ac629f011fb479d2be0887d9f358648ad1b8a
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 15F0302071DC5F4FEA98FF6C94552B8A2C2EF88281B500679D40EC2297DE29AC834345
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2469914177.00007FF849740000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849740000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff849740000_SourceTree.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 7e9c281faa39eb1c97cdeb037a5dc27ce820dcbfe632ebc43dad77bdffeb810f
                                                                                                                                                                                                                                      • Instruction ID: 04dd1015064e61eca51ca09375ab1403b1b62ce487a1dd5e8719653344bec9fd
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7e9c281faa39eb1c97cdeb037a5dc27ce820dcbfe632ebc43dad77bdffeb810f
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 14F0A77180E7C44FE752EF688819A4ABFF0FF56350F4845AEE089C7263C26C8544CB02
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2464324323.00007FF8493A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8493A0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff8493a0000_SourceTree.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: f0527227b936356a8e4299e7780af48f19e675fde1a733400d4247704b2ace71
                                                                                                                                                                                                                                      • Instruction ID: 104a25d2223915f6eedd1dcd341fa478043070b76f9566ba7e747ef29f73883f
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f0527227b936356a8e4299e7780af48f19e675fde1a733400d4247704b2ace71
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4BF0DA3560964E8FCF45EF48D8819EAB3B1FF58361B108766E419D7149CA34E995CBC0
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2469914177.00007FF849740000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849740000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff849740000_SourceTree.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 0c66f1bfbfbb1cdecbc51bf7e71945c51912e7b3a5a9c230463d2280c7e93ee7
                                                                                                                                                                                                                                      • Instruction ID: 9b182d3fd203626fd1ebe368add1adeb75bb00036fdcb0c72707fa7d6e46b3fd
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0c66f1bfbfbb1cdecbc51bf7e71945c51912e7b3a5a9c230463d2280c7e93ee7
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D0E06524E2CD5A0AFBE47F3C60097B596D0DF542A5F1404BAE80CC1695DD2DCCC143C9
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2469914177.00007FF849740000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849740000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff849740000_SourceTree.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 647193719d29249f523add2d501522ae0b9dd71fed82f2b4c8abf6ebcc6c5d77
                                                                                                                                                                                                                                      • Instruction ID: 3fb4d4fcd806ecc3d169ceae7896ea3d2edab5cb5b56e68d3e7cfaee6b303b62
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 647193719d29249f523add2d501522ae0b9dd71fed82f2b4c8abf6ebcc6c5d77
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: CDE0DF22F2DA8F5FE2E8EDEC24852B127D2EB68AD4B00407AC90CC7293ED1D5D0A4304
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2485212902.00007FF849E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849E40000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff849e40000_SourceTree.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: e197af8b337b578d78b0c070d6fd4f37d754f04a83399c005dcb6af0518402a5
                                                                                                                                                                                                                                      • Instruction ID: d80407b1e3be169c8e37732f2acb3479e7395fae64185e99ba8a425ff6ebb8fe
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e197af8b337b578d78b0c070d6fd4f37d754f04a83399c005dcb6af0518402a5
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: BBE08C12F4C84A4BD6A5B53C70466F567D2EB982B1B9405BBC009C2A8ADD5A5D420280
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2469914177.00007FF849740000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849740000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff849740000_SourceTree.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: a0836f0d1de00e754e941114200f2f29149b66cbce744586216edae7e1d704fe
                                                                                                                                                                                                                                      • Instruction ID: 8a7f2909f96dcd9b2db643d0975a5073402c812c3d708d9869291bee26889bd9
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a0836f0d1de00e754e941114200f2f29149b66cbce744586216edae7e1d704fe
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 38E01272A5E90D1AD580BA5C7C026EA7391FF88364F600277E54DF3147DD1DAA454292
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2485212902.00007FF849E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849E40000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff849e40000_SourceTree.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 5677a73ba086be9b041d84e36cdd6d42e3859c3b36e1ecb60fb722596be3345a
                                                                                                                                                                                                                                      • Instruction ID: b13d25293e35a6c0f905f1ae80818daffacc29b38c13c0eae6e8074c917bd8cc
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5677a73ba086be9b041d84e36cdd6d42e3859c3b36e1ecb60fb722596be3345a
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0AE02632A4DA864FE370BE7CBC510A07390FF46741B5005BAD44CC3153CA6BA842C282
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2469914177.00007FF849740000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849740000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff849740000_SourceTree.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 01dd8646f4057c26d5dbc785d39e8f542a8e6ae553dccb6d64888b15b3162558
                                                                                                                                                                                                                                      • Instruction ID: 7dfd6982c3cfe3b5782b508bed5304b9bedb322d07a14bcac5042db6cf74fd02
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 01dd8646f4057c26d5dbc785d39e8f542a8e6ae553dccb6d64888b15b3162558
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: ADE0C730A1DC89CFEA88EF2C889492037D1FF2C384B5600E8E00DCB2A2F914E881D309
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2481215214.00007FF849BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849BF0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff849bf0000_SourceTree.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: ce21aa4194796b2295858b6f0c0adb82f622f75dd3e0074c5c193884fee52fa7
                                                                                                                                                                                                                                      • Instruction ID: 929800b36cd48e5696b2cd88b6eedb4251ab463b873a3cab54d9dc7904c9a96a
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ce21aa4194796b2295858b6f0c0adb82f622f75dd3e0074c5c193884fee52fa7
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4FE0C221B3B94A0BEB89F668A0815FAA2A0EB54240B8040B2D40EC22CFDE1D95414358
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2469914177.00007FF849740000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849740000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff849740000_SourceTree.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: d60643acaa8e1ba5c1e68aa4648d4eae304eb344ed6df332d9409421a5a3c728
                                                                                                                                                                                                                                      • Instruction ID: fd22f4659175479eb7278b7e1228f3186a0ad410768c2ccf7ccfa078c84a357d
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d60643acaa8e1ba5c1e68aa4648d4eae304eb344ed6df332d9409421a5a3c728
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 52D05E31B18C0A0FE699BB2C240427921C3EBC95A17A841B9D40DC339ADE2AD8834344
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2469914177.00007FF849740000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849740000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff849740000_SourceTree.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: c37e2b71a3c3a7eb9fc2fde7e6cb5516b7865699509031e3181c875c639b4b57
                                                                                                                                                                                                                                      • Instruction ID: 0d17c5ab9576281d131c5e22360569baf283c904d6672648c971f05856a12d45
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c37e2b71a3c3a7eb9fc2fde7e6cb5516b7865699509031e3181c875c639b4b57
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: BDD01222B4F91D0FAA84F65C74022F8B3D1DB85271B0004BBD90DC3297DD5F5D564288
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2464324323.00007FF8493A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8493A0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff8493a0000_SourceTree.jbxd
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2469914177.00007FF849740000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849740000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff849740000_SourceTree.jbxd
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2481215214.00007FF849BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849BF0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff849bf0000_SourceTree.jbxd
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000004.00000002.2485212902.00007FF849E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849E40000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_7ff849e40000_SourceTree.jbxd